General
- Target: 3cacd089bce6981fcab183c6a9531240bb3a5bda31c5d9cb99cf4299f8a50c88
- Size: 813KB
- Sample: 220703-gdw2saahh5
- MD5: 73755d6e936af11625df76c1c40f0a25
- SHA1: cd91bf83947b743067731379e3976d8a91367c80
- SHA256: 3cacd089bce6981fcab183c6a9531240bb3a5bda31c5d9cb99cf4299f8a50c88
- SHA512: 469d435127c7359907d2edb2d2a8585b9e621ef95d23969b1de0448893fcb603a797136e92ccc9d5a5fea6cd89cfd13549f31000446f70488e1711d7436664cf
Tasks
- Static task: static1
- Behavioral task: behavioral1
- Sample: 3cacd089bce6981fcab183c6a9531240bb3a5bda31c5d9cb99cf4299f8a50c88.exe
- Resource: win7-20220414-en
Malware Config
- Extracted family: lokibot
- Extracted C2 URLs:
  - http://shahkara.com.tr/LOKI/fre.php
  - http://kbfvzoboss.bid/alien/fre.php
  - http://alphastand.trade/alien/fre.php
  - http://alphastand.win/alien/fre.php
  - http://alphastand.top/alien/fre.php
Targets
- Target: 3cacd089bce6981fcab183c6a9531240bb3a5bda31c5d9cb99cf4299f8a50c88
- Size: 813KB
- MD5: 73755d6e936af11625df76c1c40f0a25
- SHA1: cd91bf83947b743067731379e3976d8a91367c80
- SHA256: 3cacd089bce6981fcab183c6a9531240bb3a5bda31c5d9cb99cf4299f8a50c88
- SHA512: 469d435127c7359907d2edb2d2a8585b9e621ef95d23969b1de0448893fcb603a797136e92ccc9d5a5fea6cd89cfd13549f31000446f70488e1711d7436664cf
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext