General
Target: ec2da1f5d53d68c839fb3149ce10c7148377a5b17419e3fcb341ed07613766a0
Size: 335KB
Sample: 220521-mxv7gscfc9
MD5: 4ab5ed56a77d125e297be56b1eb8163d
SHA1: 66585cbdfdd4edaaa7a07d841374e984c351b15b
SHA256: ec2da1f5d53d68c839fb3149ce10c7148377a5b17419e3fcb341ed07613766a0
SHA512: 58c4d8e976e0d6dec7550e6f94260625db5ac1b44c00c2300d28ac4360c7ebcd4715e3be2949c7dac6e75765e6dc36b4f8c5520e51b5ca629c1e77f54389a12a
Static task: static1
Behavioral task: behavioral1
Sample: #00992-20.exe
Resource: win7-20220414-en
Malware Config
Targets
Target: #00992-20.exe
Size: 580KB
MD5: 3479b7645c4dd97b1e7b1f03e0fec29b
SHA1: dcb9449935ed0de0c3176278e595391145c51353
SHA256: 9351842c8f05b32a19dd22011391431072e855e069c6a7c9fdd73cbd6d1bbc0c
SHA512: 8809a821d68ef1bb09e37de93a182742283618f0bcbf8483fd287af38701480b079876f5d4a79de13d2804d6678c80682344ba48db75c428f2bba61c17be53b7
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext