General
Target: 325b14d349cd69c5c00c417c4154fc0991a97a22210326c39c434ac05c111455.exe
Size: 557KB
Sample: 220521-yhxbsadaa3
MD5: 8133ee977a0f5e8649fdf16976ff84fc
SHA1: b97f14c79e56b206f94dfdda6525ce8ddf7ef6b3
SHA256: 325b14d349cd69c5c00c417c4154fc0991a97a22210326c39c434ac05c111455
SHA512: 1571ef43e27d052d0cf8201e3adcb017320739d2783ae5f376381ef8143dc979f4041da8961b31d029f0d5d283b1344c4b3d1cbbbde8ed486f7575d450a87297
Static task: static1
Behavioral task: behavioral1
Sample: 325b14d349cd69c5c00c417c4154fc0991a97a22210326c39c434ac05c111455.exe
Resource: win7-20220414-en
Malware Config
Extracted family: lokibot
C2 URLs:
http://sempersim.su/gg1/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: 325b14d349cd69c5c00c417c4154fc0991a97a22210326c39c434ac05c111455.exe
Signatures:
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Executes dropped EXE
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext