General
- Target: 1e812f1b128d5239e70143e989d92c3a.exe
- Size: 418KB
- Sample: 220701-w3q96acae9
- MD5: 1e812f1b128d5239e70143e989d92c3a
- SHA1: c05c7e84e1a13954c5d463122ad8a3892b5492f8
- SHA256: ea99a4f07ab98f2622473a35a730b45d22ac6c646759b594144afdebff303eec
- SHA512: 171e59d5fd86aeeb49328adef842ae84ca13a016a9721a57e9c2d1862604e9d47fb14641f96d2549885cb26e38e6d76afcda6b81913f956385d92e9b2ad4a5f7
Static task: static1
Behavioral task: behavioral1
- Sample: 1e812f1b128d5239e70143e989d92c3a.exe
- Resource: win7-20220414-en
Malware Config
Extracted: lokibot
- http://lomboster.top/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: 1e812f1b128d5239e70143e989d92c3a.exe
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext