General
- Target: fgtToX654yF6Jrh.exe
- Size: 582KB
- Sample: 220707-k6ke8sceb9
- MD5: b4625731758be5cc056580eef61a2111
- SHA1: 2295300701dd2c65b41663de365e2084d097cd9a
- SHA256: 3733bc38369c103205ce9cceacb873e50a63623aa29c3f27146fb571d251e98f
- SHA512: fd7efab8a17b748abf8b58b54dac94637f4a3729dafd19b749dac28e9f474f960b8926c471166102122cb6902ef7ee98585696d790a10e1ed37810493d1d528b
Static task: static1
Behavioral task: behavioral1
- Sample: fgtToX654yF6Jrh.exe
- Resource: win7-20220414-en
Malware Config
Extracted: lokibot
http://45.133.1.45/health5/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
http://�����������З������Й���Й��я��
Targets
- Target: fgtToX654yF6Jrh.exe
- Size: 582KB
- MD5: b4625731758be5cc056580eef61a2111
- SHA1: 2295300701dd2c65b41663de365e2084d097cd9a
- SHA256: 3733bc38369c103205ce9cceacb873e50a63623aa29c3f27146fb571d251e98f
- SHA512: fd7efab8a17b748abf8b58b54dac94637f4a3729dafd19b749dac28e9f474f960b8926c471166102122cb6902ef7ee98585696d790a10e1ed37810493d1d528b
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Fake 404 Response
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext