General
Target: DHL_Receipt10106272873____________________________________________________________________________________________________________.bat
Size: 1.1MB
Sample: 220701-vkrmjaacbl
MD5: 2f53deb379502fecd2a81113ffd835a6
SHA1: e160179ad42c2fad460b7b75070fa575672aff58
SHA256: c24aa19572a17632264c0af58695bea6a3fc8d0dccd12ba89f21dc481723b348
SHA512: 11d6e0185131f4e9fd6952ad35077f7f6b2a29ed65372b552b5a86961204468f0c14cad083e549f5481ecb8d91f938db52ab43a7bb6d44cf2f2f3e1b922892d6
Static task: static1
Behavioral task: behavioral1
Sample: DHL_Receipt10106272873______________________________________________________________________________.exe
Resource: win7-20220414-en
Malware Config
Extracted family: lokibot
C2 URLs:
http://sempersim.su/gi5/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: DHL_Receipt10106272873____________________________________________________________________________________________________________.bat (1.1MB; hashes as listed under General above)
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext