General
Target: Informe bancario.pdf.exe
Size: 438KB
Sample: 220703-z8fbmafcb9
MD5: 21950205d5c3a8536711e5a90dd4c5f7
SHA1: 59fd75874e921d19b9eed54817662b01f697bfac
SHA256: be934241304d999e605d938795046cde049e62fc8639557a61a60429ad737af9
SHA512: 25de0b9cb1cba95d9f2604a72e6ee04a3c4e0ddc6037f5d87ccd631473b371a75f2bc4af31bca77ee56d26d0dba1364ed078f62df4e7d989db67084a94d22a97
Static task: static1
Behavioral task: behavioral1
Sample: Informe bancario.pdf.exe
Resource: win7-20220414-en
Malware Config (extracted family): lokibot
C2 URLs:
http://kossa.xyz/esi/pp/play.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Informe bancario.pdf.exe (438KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext