General
Target: 2ec989043cb4e50738282fbd0fd49d640096945d43f0a45945fefe1ab0f617d8
Size: 383KB
Sample: 220521-mzb7dsfhar
MD5: 80f2cbcaf5ef88bdbde26b160bad7574
SHA1: 9f2b8b5e5a093ea541efd7b20c713551b4e2f81f
SHA256: 2ec989043cb4e50738282fbd0fd49d640096945d43f0a45945fefe1ab0f617d8
SHA512: 410404c95e377bae959e479eb448aaec91fd7cb7c7095795281856f44f26cf73b09ec06b1840a0eb32ac5f80e1d3ceafa610da76a537aed89bc2d219597deb92
Static task: static1
Behavioral task: behavioral1
Sample: Shipping_Documents_pdf..exe
Resource: win7-20220414-en
Behavioral task: behavioral2
Sample: Shipping_Documents_pdf..exe
Resource: win10v2004-20220414-en
Malware Config
Targets
Target: Shipping_Documents_pdf..exe
Size: 612KB
MD5: d1a14755d248a0e7e63f7d2b8f77fba5
SHA1: 0105460edf0326055f182f7320d3083c7678d04d
SHA256: 5f748318882ca32c07bea2bb923f0887a5000c9aa76b905f05f25faaef18fbc7
SHA512: 899d3695caa016e4ec929c96cffe1735d86cff64473491556cfe7d881b2779c2be1fdc87f6ea4a5b8235182ba4c3667183db7ab4299349a75d00a3d6af573295
Score: 10/10
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Accesses Microsoft Outlook profiles
Suspicious use of SetThreadContext