General
Target: 4b59e43a9ca1e953099df4cf8fddc74e6c243bef1f38236ed8b5189c67046f00.exe
Size: 123KB
Sample: 220521-yhyjvadac3
MD5: 618a2d701411384c8d7af09ee5d066ca
SHA1: 3deba40d472f334a42715049e315b5cb5f095a75
SHA256: 4b59e43a9ca1e953099df4cf8fddc74e6c243bef1f38236ed8b5189c67046f00
SHA512: 45d8f4ab395e8d4c7a2676b3f6177769fd9c57d262576da8a4bdf9b08c993f7550042ebe6dcb670e63a4fcebef657fb1b327ba95a44d9ef9f9820f9f706e4c08
Static task: static1
Behavioral task: behavioral1
Sample: 4b59e43a9ca1e953099df4cf8fddc74e6c243bef1f38236ed8b5189c67046f00.exe
Resource: win7-20220414-en
Malware Config
Extracted family: lokibot
C2 URLs:
- http://lokaxz.xyz/fc/bk/ss.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: 4b59e43a9ca1e953099df4cf8fddc74e6c243bef1f38236ed8b5189c67046f00.exe
Size: 123KB
MD5: 618a2d701411384c8d7af09ee5d066ca
SHA1: 3deba40d472f334a42715049e315b5cb5f095a75
SHA256: 4b59e43a9ca1e953099df4cf8fddc74e6c243bef1f38236ed8b5189c67046f00
SHA512: 45d8f4ab395e8d4c7a2676b3f6177769fd9c57d262576da8a4bdf9b08c993f7550042ebe6dcb670e63a4fcebef657fb1b327ba95a44d9ef9f9820f9f706e4c08
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext