Overview
General
-
Target
A4720720343174B26e4fc2ee6.txt
-
Size
1.1MB
-
Sample
220623-relybadchl
-
MD5
ead84dcd355536a9832b9c3cd69f919c
-
SHA1
8bd1201ac58457b9bdfbb1e10a3d79b7cc2ec47d
-
SHA256
80598001b726905261ebb25a9f1f96ab1c8e7c5dbaf99f6e3d61f70d064f84c5
-
SHA512
05494b4d5e4a0ed2b808b23839826ad4796abb8d68800ceceba5e6b7df1e0b5302c435ef567d59e9e74a15a0aedbf2fc81bfb94f10e2b800e13ffc5152d6ab6f
Static task
static1
Behavioral task
behavioral1
Sample
Informe bancario.pdf.rar
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
Informe bancario.pdf.rar
Resource
win10v2004-20220414-en
Behavioral task
behavioral3
Sample
Informe bancario.pdf.exe
Resource
win7-20220414-en
Behavioral task
behavioral4
Sample
Informe bancario.pdf.exe
Resource
win10v2004-20220414-en
Behavioral task
behavioral5
Sample
email-html-2.html
Resource
win7-20220414-en
Behavioral task
behavioral6
Sample
email-html-2.html
Resource
win10v2004-20220414-en
Behavioral task
behavioral7
Sample
email-plain-1.txt
Resource
win7-20220414-en
Behavioral task
behavioral8
Sample
email-plain-1.txt
Resource
win10v2004-20220414-en
Behavioral task
behavioral9
Sample
transferencia de pago.pdf.rar
Resource
win7-20220414-en
Behavioral task
behavioral10
Sample
transferencia de pago.pdf.rar
Resource
win10v2004-20220414-en
Malware Config
Extracted
lokibot
http://ttloki.us/xz/ee/ttf.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
Informe bancario.pdf.gz
-
Size
388KB
-
MD5
8c84924db5670f38b9d270f4ec43eda5
-
SHA1
0c88305be01d9036553fde598dda746965b62b9a
-
SHA256
912ceaef85fccb2357c7cadb5437afcd8dbff37dab20e1cc22cfdd4c9f6c3f15
-
SHA512
97bbd5e054336a26d5619666bf480a1f7e0a619bc639028f64395d4036e6a3ee3fe57b4484f57967dfe679986cdfb7f3c085c7d3da1886dd80b23ae51dc65b40
Score 3/10
-
-
Target
Informe bancario.pdf.exe
-
Size
482KB
-
MD5
bf9c7d63f5116beb0922a01e7ff7012f
-
SHA1
8ef308edcfa79dfba17b92cbf6752f85e4a4f1d3
-
SHA256
8dbc2d3e85cc4d818fd9b3920138660701df08208b3659f08ac39fd57a06afbe
-
SHA512
55655927201555a03e8d69eed43d71ecf8496a557554eb45d2153811ba3bc5f00ccefa9ecb4d8262219e0764b74385332a06b583e0dac68728ca2f7742d9d143
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
-
-
Target
email-html-2.txt
-
Size
5KB
-
MD5
9175a3706297a21a7b7eda3a5098bc52
-
SHA1
e9546b80e31f47696ba739ada8f45db499cf1e49
-
SHA256
4c334235b528011136ac59cb0340493e88dc8f9f4e599ec54c0a6920d2323191
-
SHA512
d1b21cff1d4705fdb5cc732e46cd0504d60a9d11714c2191e20d02122ae35e54ffd922dac05cdcb28f9af01db422b1beda9f392b5eb7e888b4c19d404c458e28
Score 1/10
-
-
Target
email-plain-1.txt
-
Size
321B
-
MD5
6d48994df23abf907786633d70702763
-
SHA1
4f37585911c10742f0add4ca6538e2cc16e7c48b
-
SHA256
22fa0af7cf49d8820ac3d0e1e929034b5c0101e96c33c07d015c5ea3bc36af19
-
SHA512
a07f91b6e70d57a164b917fd94c0a84bfc012dc43275bb9fbdd4b7d3ffb8cf6bad3aabe180df5f24b1456c38846c442c36af7e7ab4467d8631b3663fc4375b76
Score 1/10
-
-
Target
transferencia de pago.pdf.gz
-
Size
388KB
-
MD5
74ee04c65f550fb029dc72d8bda1cb6b
-
SHA1
f8d7cb8b50e8ebfeb80790dfe186d2c2bef01c32
-
SHA256
3b947a32adf0b93db57132213fd2380683631d2e403e9aa9b06c405a17137ac2
-
SHA512
9b2db966c9735ffd75dbd99de437542fcf7f562e802aa58bae8b4719da64231f7a57b1675ceaf2af526e7b1121749f73212b6fd86201ccbe2f2cafb7dfa65578
Score 3/10