General
-
Target
839db19ede4694c840eb9a9b38143a58d9bcc9b1351f97bc9e3edcbe04fe97ab
-
Size
408KB
-
Sample
220521-m429dagbcn
-
MD5
19fffcc0b9cd211be4d28e08e058124b
-
SHA1
dc224c8841b47c463cd5a21158556a973efadce2
-
SHA256
839db19ede4694c840eb9a9b38143a58d9bcc9b1351f97bc9e3edcbe04fe97ab
-
SHA512
c35c586f53ed4b86b220b21783b15af8c62958b74c7e08b5ab49f91bfc589d4351761cc4b9d678494bf9d2f8b7b50f4d3a9ff402ba49a9fae21c132edf9ab5db
Static task
static1
Behavioral task
behavioral1
Sample
PAYMENT-INVOICE_pdf..exe
Resource
win7-20220414-en
Behavioral task
behavioral2
Sample
PAYMENT-INVOICE_pdf..exe
Resource
win10v2004-20220414-en
Malware Config
Targets
-
-
Target
PAYMENT-INVOICE_pdf..exe
-
Size
701KB
-
MD5
33c8db88d1cac78f66943d24ce6e1f98
-
SHA1
ec6b6f4e4d6deaee33def78e3c36cc9e70913dfb
-
SHA256
a31edf71acd3f20d93159ea6968c8128928090d11bbca16ba586ebb3bfc47fd5
-
SHA512
9209487bb6279d26460ee0c381209756e32463c99b8de98e5949cd11731b96891611fa70fe015d332ddedbe49fea52b4e8ef6ee01122ecf970ee4fa1e8cffc25
Score
10/10
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-