General
-
Target
b7e508b5d5dbdb69d98bf4b1527ea597b05de34d5c84ea8e03cc8fab4e332565
-
Size
381KB
-
Sample
220521-mydc3afgfl
-
MD5
76b78f3a3a90f0eb862b1dda0a00c8c7
-
SHA1
5db017d757932d0aaf34efdda914001486a28f2c
-
SHA256
b7e508b5d5dbdb69d98bf4b1527ea597b05de34d5c84ea8e03cc8fab4e332565
-
SHA512
3671295a8abcc8edadaf8a1c2712bdbf60dde62c16fb3e83ef589e828460c97bf5ae30514eaabdd7bf88baca68c6cc6679ffbccfa881c9e0230f610323be449e
Static task
static1
Behavioral task
behavioral1
Sample
scan copy-1011211_pdf.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
scan copy-1011211_pdf.exe
-
Size
666KB
-
MD5
c1be609642320d4ebda2bf43a81fa809
-
SHA1
a606d376ce7330fb29c424e29adad961b16ff15b
-
SHA256
a8d1421f0d0d3babfd87e46e494a017c2627a20bf67d09b9a0dde3301e5511cf
-
SHA512
9f7f404cc43408c0ad6426d36c2452fb3ed7758f3d3c8bba3142defeceec05f28a0ee30927150d4898f9bc6da04f7a1291f197d95ae5fb189528dac80eab1964
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-