General
- Target: 6e396609ace8bf0c1b7b5bfed4c13d3d94e89d7cebac2235d8abecd134207e42
- Size: 197KB
- Sample: 220704-w29p4scfe5
- MD5: 6b20d188e4be867ff6ad8c34a9b1747d
- SHA1: b56ad19e275f3abc2253f219053a053d660ec3e4
- SHA256: 6e396609ace8bf0c1b7b5bfed4c13d3d94e89d7cebac2235d8abecd134207e42
- SHA512: 5fd707c036b68f42c64f681e40b60a2f1b269cdf7a439109b0ad6e4c8529a8dfdcf10de2ceec59a005ebdb5a3bae9eedc9b133ce1dd407f2c3bc864130fe684a
Static task: static1
Malware Config
Extracted family: lokibot
Extracted URLs:
- http://hyatqfuh9olahvxf.ga/BN1/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext