2ec989043cb4e50738282fbd0fd49d640096945d43f0a45945fefe1ab0f617d8 | Triage

Submit
Reports

Overview

overview

Static

static

Shipping_D...f..exe

windows7_x64

Shipping_D...f..exe

windows10-2004_x64

Sharing

General

Target

2ec989043cb4e50738282fbd0fd49d640096945d43f0a45945fefe1ab0f617d8
Size

383KB
Sample

220521-mzb7dsfhar
MD5

80f2cbcaf5ef88bdbde26b160bad7574
SHA1

9f2b8b5e5a093ea541efd7b20c713551b4e2f81f
SHA256

2ec989043cb4e50738282fbd0fd49d640096945d43f0a45945fefe1ab0f617d8
SHA512

410404c95e377bae959e479eb448aaec91fd7cb7c7095795281856f44f26cf73b09ec06b1840a0eb32ac5f80e1d3ceafa610da76a537aed89bc2d219597deb92

Score

10^/10

collection spyware stealer suricata

Static task

static1

Behavioral task

behavioral1

Sample

Shipping_Documents_pdf..exe

Resource

win7-20220414-en

collection spyware stealer suricata

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Shipping_Documents_pdf..exe

Resource

win10v2004-20220414-en

collection spyware stealer suricata

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  Shipping_Documents_pdf..exe
- Size
  
  612KB
- MD5
  
  d1a14755d248a0e7e63f7d2b8f77fba5
- SHA1
  
  0105460edf0326055f182f7320d3083c7678d04d
- SHA256
  
  5f748318882ca32c07bea2bb923f0887a5000c9aa76b905f05f25faaef18fbc7
- SHA512
  
  899d3695caa016e4ec929c96cffe1735d86cff64473491556cfe7d881b2779c2be1fdc87f6ea4a5b8235182ba4c3667183db7ab4299349a75d00a3d6af573295
Score

10^/10

collection spyware stealer suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

collectionspywarestealersuricata

behavioral2

collectionspywarestealersuricata

© 2018-2024

Terms | Privacy