General
- Target: 610a3b3d5908f770afc5198c6c9aece8b28afedabd492fa90d602df8e1915aa0.exe
- Size: 281KB
- Sample: 220521-yhxmjsgbfn
- MD5: 45eb7b4ef35da0d16a5536cdaa9c7799
- SHA1: 0a874599297d2aa5ae66643fd2fcc2cc3a533a12
- SHA256: 610a3b3d5908f770afc5198c6c9aece8b28afedabd492fa90d602df8e1915aa0
- SHA512: 39c9efd66075046cd97d4a56e648426a5c1ff0278eefc04aa12c17518b7bd323fff92fb47d2915cfbc05583029dbbe37e5c58a5679c2b890f18c5d4ecfdc096c
Static task
- static1
Behavioral task
- behavioral1
  - Sample: 610a3b3d5908f770afc5198c6c9aece8b28afedabd492fa90d602df8e1915aa0.exe
  - Resource: win7-20220414-en
Malware Config
- Extracted: lokibot
- C2 URLs:
  - http://198.187.30.47/p.php?id=73724919769333816
  - http://kbfvzoboss.bid/alien/fre.php
  - http://alphastand.trade/alien/fre.php
  - http://alphastand.win/alien/fre.php
  - http://alphastand.top/alien/fre.php
Targets
- Target: 610a3b3d5908f770afc5198c6c9aece8b28afedabd492fa90d602df8e1915aa0.exe
  - Size: 281KB
  - MD5: 45eb7b4ef35da0d16a5536cdaa9c7799
  - SHA1: 0a874599297d2aa5ae66643fd2fcc2cc3a533a12
  - SHA256: 610a3b3d5908f770afc5198c6c9aece8b28afedabd492fa90d602df8e1915aa0
  - SHA512: 39c9efd66075046cd97d4a56e648426a5c1ff0278eefc04aa12c17518b7bd323fff92fb47d2915cfbc05583029dbbe37e5c58a5679c2b890f18c5d4ecfdc096c
Signatures
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext