General
-
Target
factura comercial.exe
-
Size
1.8MB
-
Sample
220707-xwgyksacd3
-
MD5
95b1a3cfa2d4df2598682cbc945a0544
-
SHA1
daad0dcf697838a0d2209490d0382370248d8647
-
SHA256
67ce061bac5dd35217eebc864b76f730cdab413ed6620660b80e95dec5868d3f
-
SHA512
c5dd2da04fb99f900ebc8945028c4e0bde6f26404840d07751db98407811da3220d92c791686ab5e2eed18a68994b60becc10b3c4e84dde7ad96b7ff645f8fea
Static task
static1
Behavioral task
behavioral1
Sample
factura comercial.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://sempersim.su/gi7/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
factura comercial.exe
-
Size
1.8MB
-
MD5
95b1a3cfa2d4df2598682cbc945a0544
-
SHA1
daad0dcf697838a0d2209490d0382370248d8647
-
SHA256
67ce061bac5dd35217eebc864b76f730cdab413ed6620660b80e95dec5868d3f
-
SHA512
c5dd2da04fb99f900ebc8945028c4e0bde6f26404840d07751db98407811da3220d92c791686ab5e2eed18a68994b60becc10b3c4e84dde7ad96b7ff645f8fea
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-