General
Target: SecuriteInfo.com.W32.AIDetectNet.01.5636.6173
Size: 446KB
Sample: 220725-c5aweabecr
MD5: df8bead35a67a92c618506dc716f4fc7
SHA1: 30b9feec38333d0e3434533878c35ca41993a172
SHA256: 8de2dce55136838fbe6c2ebad8addc2d2c2f552b9000933461560b834cd014f0
SHA512: 7a948a60dabe7f838d895de02203f09dee31aa4db99be910b5cd151b3fb3504e117396a02786b5b1c72ee135b72dc2fe45b905c681750da3128fc1e7a2adf5b3
Static task: static1
Behavioral task: behavioral1
Sample: SecuriteInfo.com.W32.AIDetectNet.01.5636.exe
Resource: win7-20220718-en
Malware Config
Extracted family: lokibot
C2 URLs:
- http://66.29.145.162/?upps6kY5iFClzLE15GzzT6o9K2EZ
- http://kbfvzoboss.bid/alien/fre.php
- http://alphastand.trade/alien/fre.php
- http://alphastand.win/alien/fre.php
- http://alphastand.top/alien/fre.php
Targets
Target: SecuriteInfo.com.W32.AIDetectNet.01.5636.6173
Size: 446KB
MD5, SHA1, SHA256, SHA512: as listed under General above
Signatures
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext