General
-
Target
DHL_Mexico invoice101060.exe
-
Size
653KB
-
Sample
220701-w665saaecj
-
MD5
559d1039dbea67d63b86fe138a4714ee
-
SHA1
cc80047c060d58c384e5060104b9e408651e32a5
-
SHA256
9fc307afd60cf86fcd93464e2b89a3de2016230e5c6c43ce1b58ce1ae605dae7
-
SHA512
4e00f0882d186093b85715ce4d1735d849148baa8c142537d1efa3d6226e43233236aa1ddabcc921e82d39ffa01087d5ea292751140fc4326464de43293c57bc
Static task
static1
Behavioral task
behavioral1
Sample
DHL_Mexico invoice101060.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://sempersim.su/gi6/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
DHL_Mexico invoice101060.exe
-
Size
653KB
-
MD5
559d1039dbea67d63b86fe138a4714ee
-
SHA1
cc80047c060d58c384e5060104b9e408651e32a5
-
SHA256
9fc307afd60cf86fcd93464e2b89a3de2016230e5c6c43ce1b58ce1ae605dae7
-
SHA512
4e00f0882d186093b85715ce4d1735d849148baa8c142537d1efa3d6226e43233236aa1ddabcc921e82d39ffa01087d5ea292751140fc4326464de43293c57bc
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-