General
Target: Maersk Line Shipping Document.rar
Size: 494KB
Sample: 220706-hgxcdsbgb8
MD5: e912d17abdcbe11ebba675cad178bb4e
SHA1: 1ccc1fa43bae5c6ffaea43ec75cbef3546aca84c
SHA256: 3931bc0872ab8b1d677be8c9d2736d4824cc46d05c9acc47048602c1d234bcc8
SHA512: f86d9bbda4644f2f914a48d0ca4dc99789e42be4fa27e0f7838c4fbcc1c2ec137b8b8f99c44e146ea2eca8abea2f5c1a38b845386a4d5790fc10af277b91823f
Static task: static1
Behavioral task: behavioral1
Sample: Maersk Line Shipping Document.exe
Resource: win7-20220414-en

Malware Config
Extracted: lokibot
  http://198.187.30.47/p.php?id=10316882234268616
  http://kbfvzoboss.bid/alien/fre.php
  http://alphastand.trade/alien/fre.php
  http://alphastand.win/alien/fre.php
  http://alphastand.top/alien/fre.php
Targets
Target: Maersk Line Shipping Document.exe
Size: 541KB
MD5: c25ee801e401b60ab7ab4754d0694b61
SHA1: c772d71329a0dafe61720bb81b7eeef50116b8de
SHA256: a3d46f7fe68a30115c4eae725622d4336e7ea6dde46b0104d113ddd55ff1e5a5
SHA512: f5d4a99eb83edad1f1a17330b3193b07732ccbf04c89a852b3c99a24a292341175b266c7313971ac1298c212160cb786ea613c2a19cbd2e10f9f871ade8dd39a
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext