General
Target: Cotizaciónpdf.exe
Size: 245KB
Sample: 220114-tx4beshdhr
MD5: 3fe29e21698212a70e03144bb4979632
SHA1: b400de247096542b778aa7ed7584f6829b5bbf4e
SHA256: c42005e0a00c3ecbaff6c1189ca8b6f1298a818878ceaebb623585c399c8ba81
SHA512: a37080b42f317bcaf288acc2ede4fd178bf8227a6f0650b61378e829458fb26808f6fb64250e32bb737f583ddb75264c1fde488e31ceb57d7890005f04ab723d
Static task: static1
Behavioral task: behavioral1
Sample: Cotizaciónpdf.exe
Resource: win7-en-20211208
Behavioral task: behavioral2
Sample: Cotizaciónpdf.exe
Resource: win10v2004-en-20220113
Malware Config
Extracted
lokibot
http://slimpackage.com/slimmain/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Loads dropped DLL
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext