General
-
Target
9735029fe7c56ac05cc6a0eff6ff1b00a69fa33dacaf06dd390313758ea3fe9b
-
Size
1.4MB
-
Sample
220725-akhdmsfaek
-
MD5
7374ba742a7ebeb7a3dcdf54c0f5f2d7
-
SHA1
f1a3d0c3c56b0626fc2b7a492366e36442059f5a
-
SHA256
9735029fe7c56ac05cc6a0eff6ff1b00a69fa33dacaf06dd390313758ea3fe9b
-
SHA512
e7acc570bf62ca245879505c579cc8597ca441fabc49d6b09bcc562db8c6a87a9c6c0a2c5422e8e52eeb91e9df444176b79b5c0094954086a8a9e2fe0b6b1e49
Static task
static1
Behavioral task
behavioral1
Sample
9735029fe7c56ac05cc6a0eff6ff1b00a69fa33dacaf06dd390313758ea3fe9b.exe
Resource
win7-20220718-en
Behavioral task
behavioral2
Sample
9735029fe7c56ac05cc6a0eff6ff1b00a69fa33dacaf06dd390313758ea3fe9b.exe
Resource
win10v2004-20220721-en
Malware Config
Extracted
lokibot
http://tracknaija.com/wp-content/b/wp-content/uploads/2018/Panel/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
9735029fe7c56ac05cc6a0eff6ff1b00a69fa33dacaf06dd390313758ea3fe9b
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-