General
-
Target
vbc.exe
-
Size
227KB
-
Sample
220704-mghapagebj
-
MD5
fe24a372442f45151a6418ed44f58b7e
-
SHA1
4db36eb921fc67dfb9b6cfab164a5bf3540f1b24
-
SHA256
10d1983494735d82cf4cfe28ed199a6514cc3569d9f5911e91e5a66e93a4b63a
-
SHA512
ff916f30512f7dd906e78e761ea09de6bb7c6e42f585a4a8a99523bace160ed81d2f7df89dde14cead22c802c3fff71260b6a78a02c29431349c61963c8e89f1
Static task
static1
Behavioral task
behavioral1
Sample
vbc.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://198.187.30.47/p.php?id=17414649419491256
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
vbc.exe
-
Size
227KB
-
MD5
fe24a372442f45151a6418ed44f58b7e
-
SHA1
4db36eb921fc67dfb9b6cfab164a5bf3540f1b24
-
SHA256
10d1983494735d82cf4cfe28ed199a6514cc3569d9f5911e91e5a66e93a4b63a
-
SHA512
ff916f30512f7dd906e78e761ea09de6bb7c6e42f585a4a8a99523bace160ed81d2f7df89dde14cead22c802c3fff71260b6a78a02c29431349c61963c8e89f1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook profiles
-