General
Target: c7b9e29df98fc46548eb830362ad94629874aa27b3aba537034131e7b008c5b8
Size: 202KB
Sample: 220524-1bbslsceem
MD5: 27357dc1e0a92b5ee499642d26e78bd6
SHA1: d2653e0b2efb216734cece5587b238d5d030dc59
SHA256: c7b9e29df98fc46548eb830362ad94629874aa27b3aba537034131e7b008c5b8
SHA512: 5f418870df416c55bccd8d53475dca0a0d559e83979b4196ccac71ff20ba89dacd115d9cd1005f5ccfa9893ed5ead5cf03d1266da2e0137cd73edb91ed4d9a8d
Static task: static1
Behavioral task: behavioral1
Sample: ORDER.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
C2 URLs:
http://siiigroup.com/blue/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: ORDER.exe
Size: 299KB
MD5: 0b6611fb0663d7bbcb6856ba3ae7f3ac
SHA1: 57b7c52296c529c0d2307382eaf8aaed150c24b7
SHA256: 14cbfd81ab9f8f3ae1926d160ddaa8a0f2a61f5ce89f30efc18487e419705c91
SHA512: 8deea5c6b92c861e1abb4f5271f5c0af24a03bf38786fdb3c81c07ed6c11fbfa60c19af7e5a042a28344f45853e3e47f5c95f49592fc54f0e6cb68cb379102fa
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext