General
- Target: tmp
- Size: 425KB
- Sample: 220705-ga4x8aeddk
- MD5: b6835b83683407511b1cb2d7157d9487
- SHA1: 678a38b33a35d8a5e21f23320e19ac4e38bb1b27
- SHA256: b65fd047ca18025cd457b3b5725ac61de6a8893a47de0fbb8226d29e1e82e6e9
- SHA512: c4fd2113f6ca873aa437f35e442b0cc2dfb13809f0a14dddd37ac956afc09887dbe8340ac9f9bfc59811923e46933e0b17bc4b902b6554324baf9dfd538b7475
Static task: static1
Behavioral task: behavioral1
- Sample: tmp.exe
- Resource: win7-20220414-en
Malware Config
Extracted: lokibot
- http://45.133.1.45/perez1/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- Target: tmp
- Size: 425KB
- MD5: b6835b83683407511b1cb2d7157d9487
- SHA1: 678a38b33a35d8a5e21f23320e19ac4e38bb1b27
- SHA256: b65fd047ca18025cd457b3b5725ac61de6a8893a47de0fbb8226d29e1e82e6e9
- SHA512: c4fd2113f6ca873aa437f35e442b0cc2dfb13809f0a14dddd37ac956afc09887dbe8340ac9f9bfc59811923e46933e0b17bc4b902b6554324baf9dfd538b7475

Signatures
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext