General

Target: 1a07532785f1d0a43b0b5d68d54e411dd3f1bf1faec90deba15e2bff2df86cff
Size: 517KB
Sample: 220705-3m2vaaedbl
MD5: 682f1a11681229794b6a48fe65b9e223
SHA1: a35bacfea0c786cfc4a9d6c59071807520511d78
SHA256: 1a07532785f1d0a43b0b5d68d54e411dd3f1bf1faec90deba15e2bff2df86cff
SHA512: d6c6a6cf38a4b1b97ae1738861d241dfaa1f972d171ccfd57ec961810b7d123cebb42f20a9e4c79c22a5d0c6f30d4c818d4059649c7efb298a08ae9f3a422435
Static task: static1

Malware Config

Extracted family: lokibot
C2 URLs:
http://198.187.30.47/p.php?id=12495881296063980
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets

Target: 1a07532785f1d0a43b0b5d68d54e411dd3f1bf1faec90deba15e2bff2df86cff
Size: 517KB
MD5: 682f1a11681229794b6a48fe65b9e223
SHA1: a35bacfea0c786cfc4a9d6c59071807520511d78
SHA256: 1a07532785f1d0a43b0b5d68d54e411dd3f1bf1faec90deba15e2bff2df86cff
SHA512: d6c6a6cf38a4b1b97ae1738861d241dfaa1f972d171ccfd57ec961810b7d123cebb42f20a9e4c79c22a5d0c6f30d4c818d4059649c7efb298a08ae9f3a422435
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext
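The extracted configuration above gives the C2 URLs and the Suricata alerts name the User-Agent LokiBot beacons with (Charon/Inferno). The script below is an added example, not part of this sandbox report, that turns those two indicators into a proxy-log sweep: it splits the config URLs into host-level and host+path indicators, flags lines whose URL or User-Agent matches, and marks a POST to a configured endpoint as likely exfiltration. The log layout (timestamp, client IP, method, URL, status, quoted User-Agent) and the sample lines are constructed for the example; the User-Agent regex is an assumption chosen to mirror the ET rule name rather than a copy of the rule. One caveat for triage: the kbfvzoboss.bid and alphastand.* fre.php URLs are widely reported as hardcoded fallback addresses present in leaked LokiBot builds and turn up in many unrelated samples, so the IP-based p.php URL is the indicator most likely to be specific to this campaign.

```python
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the extracted LokiBot configuration on this page.
LOKIBOT_C2_URLS = [
    "http://198.187.30.47/p.php?id=12495881296063980",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Assumed pattern for the Charon/Inferno User-Agent the ET rule alerts on.
LOKIBOT_UA_RE = re.compile(r"Charon.*Inferno", re.IGNORECASE)

# Assumed proxy log layout (constructed for this example):
#   <timestamp> <client-ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)\s+'
    r'(?P<status>\d{3})\s+"(?P<ua>[^"]*)"\s*$'
)


def c2_indicators(urls=LOKIBOT_C2_URLS):
    """Split the config URLs into host-level and (host, path) indicators."""
    hosts, endpoints = set(), set()
    for u in urls:
        parts = urlsplit(u)
        host = (parts.hostname or "").lower()
        hosts.add(host)
        endpoints.add((host, parts.path))
    return hosts, endpoints


def classify(line, urls=LOKIBOT_C2_URLS):
    """Return the reasons a log line matches LokiBot C2 activity ([] if none)."""
    m = LOG_RE.match(line)
    if not m:
        return []  # unparseable line: skip rather than crash the sweep
    hosts, endpoints = c2_indicators(urls)
    parts = urlsplit(m["url"])
    host = (parts.hostname or "").lower()
    reasons = []
    if (host, parts.path) in endpoints:
        reasons.append("c2-url")        # exact configured endpoint
    elif host in hosts:
        reasons.append("c2-host")       # same host, different path: weaker signal
    if LOKIBOT_UA_RE.search(m["ua"]):
        reasons.append("lokibot-ua")
    # LokiBot submits stolen data and polls for commands with POST to its endpoint.
    if m["method"] == "POST" and "c2-url" in reasons:
        reasons.append("likely-exfil")
    return reasons


def scan(lines, urls=LOKIBOT_C2_URLS):
    """Return (client, url, reasons) for every line that matches an indicator."""
    hits = []
    for line in lines:
        reasons = classify(line, urls)
        if reasons:
            m = LOG_RE.match(line)
            hits.append((m["client"], m["url"], reasons))
    return hits


# Constructed sample log, not real traffic from the sandbox run.
SAMPLE_LOG = [
    '2022-07-05T10:01:12Z 10.0.0.15 GET http://example.com/index.html 200 "Mozilla/5.0"',
    '2022-07-05T10:01:40Z 10.0.0.15 POST http://kbfvzoboss.bid/alien/fre.php 404 "Mozilla/4.08 (Charon; Inferno)"',
    '2022-07-05T10:01:41Z 10.0.0.15 POST http://198.187.30.47/p.php?id=12495881296063980 200 "Mozilla/4.08 (Charon; Inferno)"',
    '2022-07-05T10:02:03Z 10.0.0.22 GET http://alphastand.top/robots.txt 200 "curl/7.81.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for client, url, reasons in scan(SAMPLE_LOG):
        print(client, url, ",".join(reasons))
```

Matching on (host, path) rather than the full URL string is deliberate: the id= query value in the p.php URL is per-build, so a full-string match would miss other builds talking to the same panel, while a host-only match on the shared fallback domains would be too noisy to page on without the User-Agent or POST corroboration.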