General
Target: 99f4bbf763a2b797fd11c8c03076fb107451c0d37dc78af1b633c94ce12ddfb0
Size: 948KB
Sample: 220701-hxykdsagf3
MD5: f9fe342a32568958766edcb80df8fb82
SHA1: 48a1c3bdabae1a0a2795fdac5c49b1c06af1f38b
SHA256: 99f4bbf763a2b797fd11c8c03076fb107451c0d37dc78af1b633c94ce12ddfb0
SHA512: 251d11c24a353444624f2e45e318944e12c0b0a53803bd7b123264707acd594803cb873b355eb9b50a6fceb34a85dbfd9d468b175e60deea57288a625ada65f4
Static task: static1
Behavioral task: behavioral1
Sample: 99f4bbf763a2b797fd11c8c03076fb107451c0d37dc78af1b633c94ce12ddfb0.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
C2 URLs:
- http://pms-center.com/mb/Panel/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: 99f4bbf763a2b797fd11c8c03076fb107451c0d37dc78af1b633c94ce12ddfb0 (948KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext