General
-
Target
d2ce3b2a5f3efb1fcede96304e57a531
-
Size
123KB
-
Sample
220505-hhgnbsabcj
-
MD5
d2ce3b2a5f3efb1fcede96304e57a531
-
SHA1
d74be8fe0be4ec13340dad9c0fdeb653c9c8b90e
-
SHA256
e0a4948a58829f4ecd9e6fb9b28e127a6827bd8761ded085d2069a248f6f5462
-
SHA512
fd0d0b51000b146049db24ecac27885ff4f688b4e40b42061972d21aaa45f8657437db8f56880f5414f00b5e35febce8a339b1d30bd387f8f11a179b222e828b
Static task
static1
Behavioral task
behavioral1
Sample
d2ce3b2a5f3efb1fcede96304e57a531.exe
Resource
win7-20220414-en
Malware Config
Extracted
lokibot
http://45.133.1.20/oluwa/five/fre.php
http://kbfvzoboss.bid/alien/fre.php
http://alphastand.trade/alien/fre.php
http://alphastand.win/alien/fre.php
http://alphastand.top/alien/fre.php
Targets
-
-
Target
d2ce3b2a5f3efb1fcede96304e57a531
-
Size
123KB
-
MD5
d2ce3b2a5f3efb1fcede96304e57a531
-
SHA1
d74be8fe0be4ec13340dad9c0fdeb653c9c8b90e
-
SHA256
e0a4948a58829f4ecd9e6fb9b28e127a6827bd8761ded085d2069a248f6f5462
-
SHA512
fd0d0b51000b146049db24ecac27885ff4f688b4e40b42061972d21aaa45f8657437db8f56880f5414f00b5e35febce8a339b1d30bd387f8f11a179b222e828b
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-