General
- Target: 465168d19bfb65cdd4f4d7e12e7597484eaf1d728bdcf37aa7919d0fa2fd55d0.exe
- Size: 123KB
- Sample: 220521-yhx83sgbgp
- MD5: 1d0f883734eb02e89eb694ad01c21a86
- SHA1: 33455bdda3a09c30bd708259c60145947ccd05bc
- SHA256: 465168d19bfb65cdd4f4d7e12e7597484eaf1d728bdcf37aa7919d0fa2fd55d0
- SHA512: 05f8c7bf0181d41cd6126ad7edeb0110714212644d7c9d4b495e54bc94c8eb0b03783e4e037cad0a901bb11d931d8748b645d08ce5317df2aa4074ef4345f394
Static task: static1
Behavioral task: behavioral1
- Sample: 465168d19bfb65cdd4f4d7e12e7597484eaf1d728bdcf37aa7919d0fa2fd55d0.exe
- Resource: win7-20220414-en
Behavioral task: behavioral2
- Sample: 465168d19bfb65cdd4f4d7e12e7597484eaf1d728bdcf37aa7919d0fa2fd55d0.exe
- Resource: win10v2004-20220414-en
Malware Config
Extracted: lokibot
- http://hyatqfuh9olahvxf.gq/BN3/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: 465168d19bfb65cdd4f4d7e12e7597484eaf1d728bdcf37aa7919d0fa2fd55d0.exe
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext