General
-
Target
a2faed43fb596a2e59b9bedd0481bba0c289df4f8b1ee93b92dad3ca5dcee595.exe
-
Size
241KB
-
Sample
220521-yhxmjsgbgj
-
MD5
e9b42d67c6b1d5f175f74e8cb2f6940e
-
SHA1
76af37cabcb66997463e158ca245461f98e3f9b7
-
SHA256
a2faed43fb596a2e59b9bedd0481bba0c289df4f8b1ee93b92dad3ca5dcee595
-
SHA512
a42109f183eed617132e6f7d05d526c9ba2ab183967fdf318e1215757c85b5ef9e42db4325c6c489db8db8d4c04b419d14f98646cba70c01a754251bafdb5821
Static task
static1
Behavioral task
behavioral1
Sample
a2faed43fb596a2e59b9bedd0481bba0c289df4f8b1ee93b92dad3ca5dcee595.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://198.187.30.47/p.php?id=10618622797291512
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
a2faed43fb596a2e59b9bedd0481bba0c289df4f8b1ee93b92dad3ca5dcee595.exe
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-