839db19ede4694c840eb9a9b38143a58d9bcc9b1351f97bc9e3edcbe04fe97ab | Triage

Submit
Reports

Overview

overview

Static

static

PAYMENT-IN...f..exe

windows7_x64

PAYMENT-IN...f..exe

windows10-2004_x64

Sharing

General

Target

839db19ede4694c840eb9a9b38143a58d9bcc9b1351f97bc9e3edcbe04fe97ab
Size

408KB
Sample

220521-m429dagbcn
MD5

19fffcc0b9cd211be4d28e08e058124b
SHA1

dc224c8841b47c463cd5a21158556a973efadce2
SHA256

839db19ede4694c840eb9a9b38143a58d9bcc9b1351f97bc9e3edcbe04fe97ab
SHA512

c35c586f53ed4b86b220b21783b15af8c62958b74c7e08b5ab49f91bfc589d4351761cc4b9d678494bf9d2f8b7b50f4d3a9ff402ba49a9fae21c132edf9ab5db

Score

10^/10

collection spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

PAYMENT-INVOICE_pdf..exe

Resource

win7-20220414-en

collection spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PAYMENT-INVOICE_pdf..exe

Resource

win10v2004-20220414-en

collection spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  PAYMENT-INVOICE_pdf..exe
- Size
  
  701KB
- MD5
  
  33c8db88d1cac78f66943d24ce6e1f98
- SHA1
  
  ec6b6f4e4d6deaee33def78e3c36cc9e70913dfb
- SHA256
  
  a31edf71acd3f20d93159ea6968c8128928090d11bbca16ba586ebb3bfc47fd5
- SHA512
  
  9209487bb6279d26460ee0c381209756e32463c99b8de98e5949cd11731b96891611fa70fe015d332ddedbe49fea52b4e8ef6ee01122ecf970ee4fa1e8cffc25
Score

10^/10

collection spyware stealer suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectionspywarestealersuricata

behavioral2

collectionspywarestealersuricata

© 2018-2024

Terms | Privacy