General
- Target: 93560c992562cfcd669e2b3b642531e1d7a0c3f11069e24d95a2e393a4bc21d9.exe
- Size: 627KB
- Sample: 220521-yhx83sgbgq
- MD5: 3f5b425739428a25db82ab119082ab12
- SHA1: 3f63d174763f8c5c8d6a3a9cf9920eabaa151fef
- SHA256: 93560c992562cfcd669e2b3b642531e1d7a0c3f11069e24d95a2e393a4bc21d9
- SHA512: f16663aae19a4c3ca740c6ec863e30292206b6ffe6c95f1f6585a23a805b3393d4503dacae03736e89b31d038e6719e748e14a61e00c9de48e7c2d59d6821a4e
Static task: static1
Behavioral task: behavioral1
- Sample: 93560c992562cfcd669e2b3b642531e1d7a0c3f11069e24d95a2e393a4bc21d9.exe
- Resource: win7-20220414-en
Malware Config
Extracted family: lokibot
C2 URLs:
- http://85.202.169.172/kelly/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: 93560c992562cfcd669e2b3b642531e1d7a0c3f11069e24d95a2e393a4bc21d9.exe
- Size: 627KB
- MD5: 3f5b425739428a25db82ab119082ab12
- SHA1: 3f63d174763f8c5c8d6a3a9cf9920eabaa151fef
- SHA256: 93560c992562cfcd669e2b3b642531e1d7a0c3f11069e24d95a2e393a4bc21d9
- SHA512: f16663aae19a4c3ca740c6ec863e30292206b6ffe6c95f1f6585a23a805b3393d4503dacae03736e89b31d038e6719e748e14a61e00c9de48e7c2d59d6821a4e
Signatures
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext