General
Target: 11093db310a4d793244ae42534acd614d8e4b27f635b7377954f7fd2f515d66e.exe
Size: 123KB
Sample: 220521-yhx83sgbhj
MD5: ecd214e92cab6fb7e793a9068303bc7b
SHA1: 93e56deee788685d9166810b0147b841516216f0
SHA256: 11093db310a4d793244ae42534acd614d8e4b27f635b7377954f7fd2f515d66e
SHA512: 7bfc1a75cc8acc43a4047957405300dd868507a04c8da7f0c4d3e56ea34a773b9768930212bf93880a1bdb95feaf9d8e1d3d87962c66f879615b77f8e78922aa
Static task: static1
Behavioral task: behavioral1
Sample: 11093db310a4d793244ae42534acd614d8e4b27f635b7377954f7fd2f515d66e.exe
Resource: win7-20220414-en
Malware Config
Extracted family: lokibot
C2 URLs from the extracted config (the fre.php endpoint is the gate the sample reports to; the Suricata alerts below fire on that traffic):
http://85.202.169.172/goodlife/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 11093db310a4d793244ae42534acd614d8e4b27f635b7377954f7fd2f515d66e.exe
Size: 123KB
MD5: ecd214e92cab6fb7e793a9068303bc7b
SHA1: 93e56deee788685d9166810b0147b841516216f0
SHA256: 11093db310a4d793244ae42534acd614d8e4b27f635b7377954f7fd2f515d66e
SHA512: 7bfc1a75cc8acc43a4047957405300dd868507a04c8da7f0c4d3e56ea34a773b9768930212bf93880a1bdb95feaf9d8e1d3d87962c66f879615b77f8e78922aa
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
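The extracted C2 list and the Suricata alert names above are enough to build a first-pass network IOC check. The following is an added example, not part of the sandbox report or of the Emerging Threats rule set: it turns the five C2 URLs into (host, path) indicators, then scans constructed proxy log lines for beacons. The log format, the source IPs, the "Mozilla/4.08 (Charon; Inferno)" User-Agent string and the fake-404 heuristic (a 404 answered by a known gate, which the ET rule name describes but whose exact match conditions are not on this page) are all assumptions of the example.

```python
"""
Hypothetical LokiBot beacon matcher built from the sandbox report's
extracted config. Added example; not the report's or any vendor's code.
"""
import re
from urllib.parse import urlsplit

# C2 URLs copied verbatim from the report's "Malware Config" section.
C2_URLS = [
    "http://85.202.169.172/goodlife/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Assumption: the ET rule name only says "Charon/Inferno"; LokiBot's
# commonly observed UA is "Mozilla/4.08 (Charon; Inferno)", so match loosely.
LOKIBOT_UA_RE = re.compile(r"Charon.*Inferno", re.I)

# Assumed proxy log layout (constructed for this example):
# <timestamp> <src_ip> <method> <url> "<user-agent>" <status> <bytes>
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'"(?P<ua>[^"]*)" (?P<status>\d{3}) (?P<bytes>\d+)$'
)


def build_iocs(urls):
    """Normalise C2 URLs into a set of (host, path) indicators."""
    iocs = set()
    for u in urls:
        p = urlsplit(u)
        iocs.add(((p.hostname or "").lower(), p.path or "/"))
    return iocs


C2_IOCS = build_iocs(C2_URLS)
C2_HOSTS = {host for host, _ in C2_IOCS}


def parse_line(line):
    """Parse one proxy log line into a dict, or return None if it does not fit."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    p = urlsplit(rec["url"])
    rec["host"] = (p.hostname or "").lower()
    rec["path"] = p.path or "/"
    rec["status"] = int(rec["status"])
    return rec


def classify_request(rec):
    """Return the list of reasons a request looks like a LokiBot beacon."""
    reasons = []
    key = (rec["host"], rec["path"])
    if key in C2_IOCS:
        reasons.append("exact C2 URL from extracted config")
    elif rec["host"] in C2_HOSTS:
        reasons.append("C2 host from extracted config")
    if LOKIBOT_UA_RE.search(rec["ua"]):
        reasons.append("LokiBot User-Agent (Charon/Inferno)")
    if rec["method"] == "POST" and rec["path"].lower().endswith("/fre.php"):
        reasons.append("POST to fre.php gate path")
    # Heuristic for the "Fake 404 Response" alert: the gate answers 404 to
    # a beacon it actually accepted, so a 404 from a known C2 path counts.
    if rec["status"] == 404 and key in C2_IOCS:
        reasons.append("404 from known gate (fake-404 pattern)")
    return reasons


def scan_log(text):
    """Scan a whole log; return one hit per line with at least one reason."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify_request(rec)
        if reasons:
            hits.append({
                "src": rec["src"], "host": rec["host"], "reasons": reasons,
                "confidence": "high" if len(reasons) >= 2 else "low",
            })
    return hits


# Constructed sample traffic: two beacons to config C2s, one benign
# request, and one internal POST that merely shares the fre.php file name.
SAMPLE_PROXY_LOG = """\
2022-05-21T10:15:01Z 10.0.0.12 POST http://85.202.169.172/goodlife/five/fre.php "Mozilla/4.08 (Charon; Inferno)" 404 40
2022-05-21T10:15:07Z 10.0.0.12 POST http://alphastand.top/alien/fre.php "Mozilla/4.08 (Charon; Inferno)" 404 40
2022-05-21T10:16:00Z 10.0.0.31 GET http://example.com/index.html "Mozilla/5.0 (Windows NT 10.0; Win64; x64)" 200 5120
2022-05-21T10:16:30Z 10.0.0.44 POST http://intranet.local/upload/fre.php "Mozilla/5.0 (Windows NT 10.0)" 200 12
"""

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_PROXY_LOG):
        print(hit)
```

The path-only "fre.php" rule is kept deliberately weak (low confidence on its own) so that an unrelated internal script with the same file name does not page anyone; a hit becomes high confidence only when it also carries the config host, the Charon/Inferno agent, or the fake-404 response.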
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles (credential-harvesting behaviour consistent with the LokiBot stealer family)
Suspicious use of SetThreadContext (an API typically used when a payload is injected into another process)