General
- Target: eInvoicing_pdf.exe
- Size: 448KB
- Sample: 220701-sveplshghk
- MD5: 7e46d4a1ed21538e8cfde55d0651f728
- SHA1: adeec5d250d8a82cf3f13b169e1ef534a1946fa1
- SHA256: 455563df34b30235385461d78d8f0588200923c0126eaa72992c6761cb843373
- SHA512: 3fbe66f47064a3a4f255a8bff42671d6ef63c9c4b9ce7741c6230fa30d08b1bd35463be9441499c45a6cf6f369b93991ac9c02942bf8ca36fe1d6dfaf44afdc4
Static task: static1
Behavioral task: behavioral1
- Sample: eInvoicing_pdf.exe
- Resource: win7-20220414-en
Malware Config
Extracted family: lokibot
C2 URLs:
- http://198.187.30.47/p.php?id=21242689357140
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: eInvoicing_pdf.exe
- Size: 448KB
- MD5: 7e46d4a1ed21538e8cfde55d0651f728
- SHA1: adeec5d250d8a82cf3f13b169e1ef534a1946fa1
- SHA256: 455563df34b30235385461d78d8f0588200923c0126eaa72992c6761cb843373
- SHA512: 3fbe66f47064a3a4f255a8bff42671d6ef63c9c4b9ce7741c6230fa30d08b1bd35463be9441499c45a6cf6f369b93991ac9c02942bf8ca36fe1d6dfaf44afdc4
Signatures
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext