General
-
Target
DHL Receipt_AWB811470484778.exe
-
Size
550KB
-
Sample
220704-dj36hagce6
-
MD5
9793f23ef551a5d09ad62a9dcfd58e0a
-
SHA1
28b8195cf73aa155711f8f5b6bac524cb7d0f759
-
SHA256
601ebfb93bcddf2d0ac3326372bdf7e5ae2dd7d3698b0deee9dbd015769f3b1e
-
SHA512
95946c489c3b7eef856c0243a3fd5cea2652c9e9e5e2ad5451b5e64a1f7f228ef611dd38278e73df5b72ce3f624daf2a729603b6cc0057db1c8d8b20ebbe46c9
Static task
static1
Behavioral task
behavioral1
Sample
DHL Receipt_AWB811470484778.exe
Resource
win7-20220414-en
Malware Config
Extracted
Family
lokibot
C2
http://198.187.30.47/p.php?id=36801378793752855
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
DHL Receipt_AWB811470484778.exe (550KB; MD5, SHA1, SHA256 and SHA512 as listed under General)
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
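The extracted C2 list and the Suricata hits above are the usable network indicators from this run. The example below is added here and is not part of the Tria.ge report: it turns the extracted URLs into host and path indicators and scores log lines the way the ET rules do, on a known C2 host, a POST to a /fre.php gate, and the "Mozilla/4.08 (Charon; Inferno)" User-Agent that the Charon/Inferno signature keys on. Two caveats a hunter should keep in mind: the first URL (198.187.30.47/p.php) is the live panel for this build, while the kbfvzoboss.bid and alphastand.* URLs are carried by most LokiBot samples and so identify the family rather than this campaign; and a /fre.php path on its own is weak evidence, which is why the code rates it low unless the host or User-Agent also matches. The log layout and the log lines are constructed for the example, not traffic captured from the sandbox.

```python
"""Hunt web-proxy logs for the LokiBot network indicators in this report.

Added example for this report, not part of the Tria.ge output. It takes the
extracted C2 URLs, derives host and path indicators from them, and scores
constructed log lines the way the ET Suricata rules listed above would
(known C2 host, POST to a /fre.php gate, the "Charon; Inferno" User-Agent).
"""
import re
from urllib.parse import urlsplit

# C2 URLs exactly as extracted from the sample's configuration (see the
# Malware Config section). The first is the live panel for this build; the
# kbfvzoboss.bid/alphastand.* URLs are carried by most LokiBot samples.
C2_URLS = [
    "http://198.187.30.47/p.php?id=36801378793752855",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# User-Agent string the "ET MALWARE LokiBot User-Agent (Charon/Inferno)"
# signature keys on.
LOKIBOT_UA = "Mozilla/4.08 (Charon; Inferno)"

# Hypothetical log layout, chosen for this example:
#   <timestamp> <client-ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def c2_hosts(urls=C2_URLS):
    """Set of hostnames/IPs appearing in the extracted C2 URLs."""
    return {urlsplit(u).hostname for u in urls}


def classify(line, hosts=frozenset(c2_hosts())):
    """Return a finding dict for one log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    url = urlsplit(m["url"])
    reasons = []
    if url.hostname in hosts:
        reasons.append("known-c2-host")
    # LokiBot checks in by POSTing stolen data to the panel's fre.php gate.
    if m["method"] == "POST" and url.path.endswith("/fre.php"):
        reasons.append("lokibot-gate-path")
    if m["ua"] == LOKIBOT_UA:
        reasons.append("charon-inferno-ua")
    if not reasons:
        return None
    # A bare fre.php path is weak on its own (any PHP site could host one);
    # the host list and the User-Agent are the specific indicators.
    confidence = "high" if reasons != ["lokibot-gate-path"] else "low"
    return {"src": m["src"], "url": m["url"], "reasons": reasons,
            "confidence": confidence}


def hunt(log_text):
    """Classify every non-empty line of log_text; return the findings in order."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            finding = classify(line)
            if finding is not None:
                findings.append(finding)
    return findings


# Constructed sample log for demonstration; not traffic from the sandbox run.
SAMPLE_LOG = """\
2022-07-04T10:01:22Z 10.0.0.15 GET http://www.example.org/index.html 200 "Mozilla/5.0 (Windows NT 6.1)"
2022-07-04T10:02:03Z 10.0.0.15 POST http://198.187.30.47/p.php?id=36801378793752855 200 "Mozilla/4.08 (Charon; Inferno)"
2022-07-04T10:02:05Z 10.0.0.15 POST http://alphastand.win/alien/fre.php 404 "Mozilla/4.08 (Charon; Inferno)"
2022-07-04T10:03:41Z 10.0.0.22 POST http://cdn.example.net/alien/fre.php 200 "Mozilla/5.0 (Windows NT 10.0)"
"""

if __name__ == "__main__":
    for f in hunt(SAMPLE_LOG):
        print(f["confidence"], f["src"], f["url"], ",".join(f["reasons"]))
```

Run against real proxy logs, adapt LOG_RE to the log format in use and feed the file contents to hunt(); the low-confidence fre.php hits are worth a look only when the same client also produced a high-confidence one, or when the sandbox's credential-exfiltration signatures fired for that host.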