General
Target: Maersk Line Shipping Document.exe
Size: 541KB
Sample: 220706-hg1ptahggk
MD5: c25ee801e401b60ab7ab4754d0694b61
SHA1: c772d71329a0dafe61720bb81b7eeef50116b8de
SHA256: a3d46f7fe68a30115c4eae725622d4336e7ea6dde46b0104d113ddd55ff1e5a5
SHA512: f5d4a99eb83edad1f1a17330b3193b07732ccbf04c89a852b3c99a24a292341175b266c7313971ac1298c212160cb786ea613c2a19cbd2e10f9f871ade8dd39a
Static task: static1
Behavioral task: behavioral1
Sample: Maersk Line Shipping Document.exe
Resource: win7-20220414-en
Malware Config
Extracted: lokibot
http://198.187.30.47/p.php?id=10316882234268616
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target: Maersk Line Shipping Document.exe
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext