General

Target: SecuriteInfo.com.W32.AIDetectNet.01.5786.29761
Size: 548KB
Sample: 220704-hfrqhsfagm
MD5: a03187c0c2cd810f605137b447475202
SHA1: c570719523f00fd9f5f868f012c6b859e20549e9
SHA256: 8db93f119551dbb9e49d9894abb0c83e9043b18db2373ff590f90f768aa98587
SHA512: 36768cb785ac34be7874b30bc4493f32caa0f8f6b6c7fadab5d798c23792b49026cfb66d6d1bea42dd49da0d7f50559ecd6d1539b23a52a30d82b84537c18c62
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AIDetectNet.01.5786.exe
Resource: win7-20220414-en
Malware Config

Extracted: lokibot
C2 URLs:
http://198.187.30.47/p.php?id=21242689357140
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets

Target: SecuriteInfo.com.W32.AIDetectNet.01.5786.29761
Size: 548KB
MD5: a03187c0c2cd810f605137b447475202
SHA1: c570719523f00fd9f5f868f012c6b859e20549e9
SHA256: 8db93f119551dbb9e49d9894abb0c83e9043b18db2373ff590f90f768aa98587
SHA512: 36768cb785ac34be7874b30bc4493f32caa0f8f6b6c7fadab5d798c23792b49026cfb66d6d1bea42dd49da0d7f50559ecd6d1539b23a52a30d82b84537c18c62
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles (credential-theft behaviour consistent with the exfiltration alerts above)
Suspicious use of SetThreadContext (a common process-injection indicator)
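The extracted C2 URLs and the "LokiBot User-Agent (Charon/Inferno)" Suricata alert above are the network indicators a responder would turn into a retro-hunt over proxy logs. The following is an added example for this page, not code from Triage or from the sample: it takes the C2 URLs copied from the Malware Config section, derives host and gate-path indicators, and scans constructed proxy log lines. The log lines are made up for the demo, and the User-Agent pattern is an assumption derived from the Suricata rule name, not something the report itself states.

```python
"""Match the C2 indicators extracted from this LokiBot sample against proxy logs.

Added example for this report page, not code from Triage or from the sample.
The C2 URLs are copied from the 'Malware Config' section; the proxy log lines
are constructed for the demo; the User-Agent pattern is an assumption derived
from the Suricata rule name 'LokiBot User-Agent (Charon/Inferno)'.
"""
import re
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample's configuration (see above).
C2_URLS = [
    "http://198.187.30.47/p.php?id=21242689357140",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Assumption: the Suricata rule keys on a "(Charon; Inferno)" token in the
# User-Agent header; match that token case-insensitively.
LOKIBOT_UA = re.compile(r"\(Charon;\s*Inferno\)", re.I)

# Constructed proxy log lines (not from the report):
# <epoch> <client> <method> <url> <status> <user-agent>
SAMPLE_LOG = """\
1656918000.100 10.0.0.5 POST http://alphastand.trade/alien/fre.php 404 Mozilla/4.08 (Charon; Inferno)
1656918001.200 10.0.0.5 GET http://www.example.com/index.html 200 Mozilla/5.0
1656918002.300 10.0.0.7 POST http://198.187.30.47/p.php?id=21242689357140 200 Mozilla/4.08 (Charon; Inferno)
1656918003.400 10.0.0.9 GET http://alphastand.win/ 200 Mozilla/5.0
1656918004.500 10.0.0.9 POST http://legit.example.org/alien/fre.php 200 curl/7.68
""".splitlines()

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d{3})\s+(.*)$")


def c2_indicators(urls):
    """Split the config URLs into host and path indicator sets."""
    hosts, paths = set(), set()
    for u in urls:
        p = urlparse(u)
        hosts.add(p.hostname.lower())
        paths.add(p.path)
    return hosts, paths


def scan_log(lines, urls=C2_URLS):
    """Return one hit per log line that touches a C2 indicator.

    A host match or the LokiBot User-Agent is 'high' confidence. A matching
    gate path alone (e.g. /alien/fre.php on an unlisted host) is 'low'
    confidence: LokiBot panels reuse the same gate file name, so a different
    host may be another campaign or simply a false positive.
    """
    hosts, paths = c2_indicators(urls)
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed log format
        _ts, client, method, url, _status, ua = m.groups()
        p = urlparse(url)
        host = (p.hostname or "").lower()
        reasons = []
        if host in hosts:
            reasons.append("c2-host")
        if method == "POST" and p.path in paths:
            reasons.append("c2-path-post")  # LokiBot POSTs stolen data to its gate
        if LOKIBOT_UA.search(ua):
            reasons.append("lokibot-ua")
        if reasons:
            strong = "c2-host" in reasons or "lokibot-ua" in reasons
            hits.append({
                "client": client,
                "host": host,
                "reasons": reasons,
                "confidence": "high" if strong else "low",
            })
    return hits


if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(f"{h['confidence']:4} {h['client']:10} {h['host']:22} {','.join(h['reasons'])}")
```

Note that the last constructed line hits only on the gate path and is reported at low confidence: the 404 on the first line is also worth keeping, since a dead C2 host still proves the client ran the sample. In a real hunt the host set should be joined with passive-DNS resolutions of the four domains, because the IP the sample was configured with may not be the one the domains pointed to on the day of the infection.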