General
- Target: purchase order_pdf.exe
- Size: 550KB
- Sample: 220704-fhy69sggd7
- MD5: 7d1340e0d8cee4b509a391b5e9ef92e6
- SHA1: f17bcd9366704722067d523b353357cea86ccd9a
- SHA256: 11b716f0bac693179c51d80939dbaeb915a959ae63ea01ef9eb56af4bed6e6b9
- SHA512: 42fc898c321e443ce62afbab1c61fba7771c88f23c78bb2436bc145c1c566f2c2602d0f0d7649ecdedc26c79a2d3dd65639db3724e7e7d4bf86ccc6b89bbcbe9
Static task
- static1
Behavioral task
- behavioral1
- Sample: purchase order_pdf.exe
- Resource: win7-20220414-en
Malware Config
Extracted
- Family: lokibot
- C2 URLs:
  - http://sempersim.su/gi8/fre.php
  - http://kbfvzoboss.bid/alien/fre.php
  - http://alphastand.trade/alien/fre.php
  - http://alphastand.win/alien/fre.php
  - http://alphastand.top/alien/fre.php
Targets
- Target: purchase order_pdf.exe
Signatures
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext