General
-
Target
RFQ 11054.exe
-
Size
448KB
-
Sample
220704-kbbjvahgg3
-
MD5
48cf582798fe28db9fa92b590707bf26
-
SHA1
a09432f56a4026499ac2bb1d586ee6d795d8d1cc
-
SHA256
49c361c43361d599dda418898930e755acd9d2d3c9c0cf3b6ff12cd58e1d2aa0
-
SHA512
6c1385d7b999a3f783025eba66397d042026be8b88e1818b1570ac592c3a88c0490fe45dcaf932dc84787cb2e3dce995619f1fc3fa724bdd976dd6a1e0cfb139
Static task
static1
Behavioral task
behavioral1
Sample
RFQ 11054.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://sempersim.su/fo/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
RFQ 11054.exe
-
Size
448KB
-
MD5
48cf582798fe28db9fa92b590707bf26
-
SHA1
a09432f56a4026499ac2bb1d586ee6d795d8d1cc
-
SHA256
49c361c43361d599dda418898930e755acd9d2d3c9c0cf3b6ff12cd58e1d2aa0
-
SHA512
6c1385d7b999a3f783025eba66397d042026be8b88e1818b1570ac592c3a88c0490fe45dcaf932dc84787cb2e3dce995619f1fc3fa724bdd976dd6a1e0cfb139
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-