General
Target: gunzipped.exe
Size: 202KB
Sample: 220114-qmvpragehq
MD5: a76b143e354a2ac9f363616ff4f8b239
SHA1: 51bb9b6f0c004d4532ae7f83b58554c924f4d3cc
SHA256: d9bad692a869fdb2d3e9ec678e50f27e2dbe2f1fef185a8480df7eb5562d88f0
SHA512: 08caf51783da2b857699ca0063410464e35faeec64a44d4e35ed7e098f5fa6447d36c8a01de7ab9ecbd863e690a910328ccb503e66a9ef679a98031bf5be5369
Static task: static1
Behavioral task: behavioral1
Sample: gunzipped.exe
Resource: win7-en-20211208
Malware Config
Extracted
lokibot
https://jnxxx1.xyz/JRM/w2/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext