General
Target: ac2c9b074e76788f9e8d1bfb0cfbf45a1c897331f5e1061dabc75a3ab1020179
Size: 145KB
Sample: 220701-hmaqksgehr
MD5: a7cb109485d73f7adaf68652d04e254b
SHA1: e65ffdc9bcd87de5125aa22dc11c3b445e76f803
SHA256: ac2c9b074e76788f9e8d1bfb0cfbf45a1c897331f5e1061dabc75a3ab1020179
SHA512: 809e7bfb582065ef5936148b98ef8f72bf33badc634cc77ca9e5d9fadbdf6847794b1efd3fa4dc74fbff36e70287847a60fcc12eb22070ea370ada3c5c9eec83
Static task: static1
Behavioral task: behavioral1
Sample: ac2c9b074e76788f9e8d1bfb0cfbf45a1c897331f5e1061dabc75a3ab1020179.exe
Resource: win7-20220414-en
Malware Config
Extracted
lokibot
http://cred0paper.com/tatah/display/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
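The five C2 URLs above are the practical output of this report: the thing a responder wants to sweep proxy logs for. The following is an added example, not part of the sandbox report. It normalises each extracted URL to (host, path) so that a different scheme, port or query string does not hide a hit, and also flags the "Mozilla/4.08 (Charon; Inferno)" User-Agent that LokiBot sends and that the ET "Charon/Inferno" rule below keys on. The tab-separated log format and the log lines are constructed for the example.

```python
"""Sweep web-proxy log lines for the LokiBot C2 URLs extracted from this sample.

Added example, not part of the sandbox report. The five C2 URLs are the ones
extracted above; the User-Agent string is the one LokiBot is known to send.
The log format (timestamp, src_ip, method, url, user_agent, tab-separated)
and the sample lines are constructed here.
"""
from urllib.parse import urlsplit

# C2 URLs exactly as extracted from the sample's configuration.
LOKIBOT_C2 = [
    "http://cred0paper.com/tatah/display/Panel/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
# User-Agent LokiBot uses for its check-ins and exfiltration POSTs.
LOKIBOT_UA = "Mozilla/4.08 (Charon; Inferno)"


def normalize(url):
    """Reduce a URL to (host, path): scheme, port and query must not mask a hit."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").lower()
    path = parts.path or "/"
    return host, path


C2_KEYS = {normalize(u) for u in LOKIBOT_C2}
C2_HOSTS = {host for host, _ in C2_KEYS}


def parse_line(line):
    """Parse one constructed proxy log line; return None for malformed input."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 5:
        return None
    ts, src, method, url, ua = fields
    return {"ts": ts, "src": src, "method": method, "url": url, "ua": ua}


def classify(rec):
    """Return the reasons (possibly none) a request looks like LokiBot traffic."""
    reasons = []
    host, path = normalize(rec["url"])
    if (host, path) in C2_KEYS:
        reasons.append("exact C2 URL from extracted config")
    elif host in C2_HOSTS:
        # Same C2 host, different path: still worth a look (panel browsing, new gate).
        reasons.append("C2 host from extracted config (different path)")
    if rec["ua"] == LOKIBOT_UA:
        reasons.append("LokiBot User-Agent (Charon/Inferno)")
    return reasons


def scan(log_text):
    """Run every line through parse_line/classify; skip malformed lines."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if reasons:
            hits.append({"src": rec["src"], "url": rec["url"], "reasons": reasons})
    return hits


# Constructed sample log: one benign request, two check-ins to extracted C2s
# (one on a non-standard port with a query string), one visit to a C2 host on
# a different path, one request to an unrelated host with the LokiBot UA, and
# one malformed line.
SAMPLE_LOG = """\
2022-07-01T10:00:01Z\t10.0.0.5\tGET\thttp://www.example.com/\tMozilla/5.0 (Windows NT 6.1; rv:102.0) Gecko/20100101 Firefox/102.0
2022-07-01T10:00:09Z\t10.0.0.5\tPOST\thttp://kbfvzoboss.bid/alien/fre.php\tMozilla/4.08 (Charon; Inferno)
2022-07-01T10:00:11Z\t10.0.0.5\tPOST\thttp://alphastand.top:8080/alien/fre.php?id=1\tMozilla/4.08 (Charon; Inferno)
2022-07-01T10:01:30Z\t10.0.0.7\tGET\thttp://cred0paper.com/tatah/display/Panel/five/\tMozilla/5.0 (Windows NT 6.1; rv:102.0) Gecko/20100101 Firefox/102.0
2022-07-01T10:02:00Z\t10.0.0.9\tPOST\thttp://uploads.invalid/fre.php\tMozilla/4.08 (Charon; Inferno)
garbage line without tabs
"""

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["src"], hit["url"], "; ".join(hit["reasons"]))
```

Matching on (host, path) rather than the literal URL string is deliberate: the same gate reached over a different port or with a cache-busting query would otherwise be missed, and a host-only match on these domains is still a strong signal even when the path differs. The UA match is kept as an independent signal because the same string shows up against C2 hosts not in this particular sample's configuration.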
Targets
Target: ac2c9b074e76788f9e8d1bfb0cfbf45a1c897331f5e1061dabc75a3ab1020179
Size: 145KB
MD5: a7cb109485d73f7adaf68652d04e254b
SHA1: e65ffdc9bcd87de5125aa22dc11c3b445e76f803
SHA256: ac2c9b074e76788f9e8d1bfb0cfbf45a1c897331f5e1061dabc75a3ab1020179
SHA512: 809e7bfb582065ef5936148b98ef8f72bf33badc634cc77ca9e5d9fadbdf6847794b1efd3fa4dc74fbff36e70287847a60fcc12eb22070ea370ada3c5c9eec83
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles (credential theft from stored mail account settings)
Suspicious use of SetThreadContext (an API commonly used to redirect execution into an injected or hollowed process)