General
-
Target
ea135a6b1296c4041c8c5083b84573ce167e3ad757c0989c9060a902eec15e46
-
Size
532KB
-
Sample
220707-s147fsbfd2
-
MD5
75c415220becc3ddad0a7cb84ef37155
-
SHA1
edc412ccf2c7dac8aff2272d84c5083de59080e2
-
SHA256
ea135a6b1296c4041c8c5083b84573ce167e3ad757c0989c9060a902eec15e46
-
SHA512
cb8ad153295ea03e833d102c81e0d781edb9485ad9fc2d9a0532654d934831604c37fa1244e9781116a0a92a07a0ecf811ba4dadaf7d62a9c454777f344b7783
Static task
static1
Malware Config
Extracted
lokibot
http://sempersim.su/gf10/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
Target
ea135a6b1296c4041c8c5083b84573ce167e3ad757c0989c9060a902eec15e46
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-
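The extracted C2 list and the Suricata User-Agent alert above can be turned into a hunting check. The following is an added example, not part of the sandbox report and not vendor tooling: it loads the five fre.php URLs as host/path indicators, matches them together with the LokiBot User-Agent string ("Mozilla/4.08 (Charon; Inferno)", the value the ET User-Agent signature keys on) against proxy-style log lines, and verifies a local file against the report's MD5/SHA1/SHA256. The log layout, the field order and the sample entries are constructed for illustration and are assumptions, not output from any real system.

```python
"""Hunt for the LokiBot C2 indicators listed in this report.

Added example (not from the report). The log format below is an
assumed "ts method host path "user-agent"" layout; adapt the regex
to your proxy or Zeek http.log fields.
"""
import hashlib
import re
from urllib.parse import urlsplit

# C2 URLs exactly as listed in the report's extracted config.
C2_URLS = [
    "http://sempersim.su/gf10/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# User-Agent LokiBot sends to its panel; the ET "LokiBot User-Agent
# (Charon/Inferno)" signature matches on this string.
LOKIBOT_UA = "Mozilla/4.08 (Charon; Inferno)"

# Digests of the analysed file, copied from the report header.
REPORT_HASHES = {
    "md5": "75c415220becc3ddad0a7cb84ef37155",
    "sha1": "edc412ccf2c7dac8aff2272d84c5083de59080e2",
    "sha256": "ea135a6b1296c4041c8c5083b84573ce167e3ad757c0989c9060a902eec15e46",
}

# Constructed sample log (assumed layout), not real traffic.
SAMPLE_LOG = """\
2022-07-07T10:01:12Z POST sempersim.su /gf10/fre.php "Mozilla/4.08 (Charon; Inferno)"
2022-07-07T10:01:14Z GET www.example.com /index.html "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
2022-07-07T10:02:30Z POST alphastand.top /alien/fre.php "Mozilla/4.08 (Charon; Inferno)"
2022-07-07T10:03:00Z POST cdn.example.net /alien/fre.php "Mozilla/5.0 (X11; Linux x86_64)"
2022-07-07T10:04:45Z GET updates.example.org /check "Mozilla/4.08 (Charon; Inferno)"
"""

LINE_RE = re.compile(r'^(\S+) (\S+) (\S+) (\S+) "([^"]*)"$')


def build_indicators(urls):
    """Split C2 URLs into a host set and a path set for matching."""
    hosts, paths = set(), set()
    for url in urls:
        parts = urlsplit(url)
        hosts.add(parts.hostname.lower())
        paths.add(parts.path)
    return hosts, paths


def scan(log_text, urls=C2_URLS):
    """Return one dict per log line that matches a C2 indicator."""
    hosts, paths = build_indicators(urls)
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ts, method, host, path, ua = m.groups()
        reasons = []
        if host.lower() in hosts:
            reasons.append("c2-host")
        # The panel path alone (fre.php) is a weak signal; only count it
        # for POSTs, which is how the bot talks to its gate.
        if path in paths and method == "POST":
            reasons.append("c2-path")
        if ua == LOKIBOT_UA:
            reasons.append("lokibot-ua")
        if reasons:
            strong = "c2-host" in reasons or "lokibot-ua" in reasons
            hits.append({"ts": ts, "host": host, "path": path,
                         "reasons": reasons,
                         "severity": "high" if strong else "low"})
    return hits


def identify_sample(data):
    """True only if all three digests of `data` match the report."""
    return all(hashlib.new(algo, data).hexdigest() == digest
               for algo, digest in REPORT_HASHES.items())


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit["severity"], hit["ts"], hit["host"], hit["path"], hit["reasons"])
```

Lines that only match the fre.php path are reported as low severity on purpose: that filename is not unique to this sample, whereas the listed hosts and the Charon/Inferno User-Agent are the indicators the Suricata alerts above actually fire on.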