General
- Target: 4ffe63d908344da61cbfea28d5078a968960b9bd65d7755923a8a4e75d6a112b
- Size: 546KB
- Sample: 220706-b34v2ahcb9
- MD5: 94efef6531f3d62d01779558bddb3d23
- SHA1: 3b7c00f05bbecdb6bdc372e571476b9d6936a8cc
- SHA256: 4ffe63d908344da61cbfea28d5078a968960b9bd65d7755923a8a4e75d6a112b
- SHA512: 6d0140e1c47d2d1dbb125bc6fba87bf0d7cf9ee7e3a4f090df284817c9852904e420f960ce573269ebaba1271f92ed80d78003211efd7277ac356d5c4ba6b825
Static task
static1
Malware Config
- Extracted: lokibot
- http://45.133.1.20/rostov2/five/fre.php
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext