General
Target
b3b98e637db05ff760e28d692ea5f64ac0761fc9cca6ac59cd269418c08fe892
Size
992KB
Sample
220725-akpgysfafp
MD5
ada1a73dcac6ec90d082948b96e1dc32
SHA1
36ee17d2007fe9628dfd2500a48000d96c78dd4e
SHA256
b3b98e637db05ff760e28d692ea5f64ac0761fc9cca6ac59cd269418c08fe892
SHA512
53b7debe8aa04dd0338d44d398871a9d345dcc292887006b375ac98eda069a4e119b9c63c0940d2670922c1494c98f0b2e0b472a0fbf38fa9d0aa072894f3c4a
Static task
static1
Behavioral task
behavioral1
Sample
b3b98e637db05ff760e28d692ea5f64ac0761fc9cca6ac59cd269418c08fe892.exe
Resource
win7-20220718-en
Malware Config
Extracted
lokibot
https://strutitinca.ro/edd/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
Target
b3b98e637db05ff760e28d692ea5f64ac0761fc9cca6ac59cd269418c08fe892
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles