General
- Target: 7a5ce5c7be9b7779c246e68743541c9717bfcd2a10d95067b616f83e4e0e3037
- Size: 574KB
- Sample: 220521-n2jvpaeea6
- MD5: 3788b15c3f02ddd531736a5a44f625d9
- SHA1: 3c4f46aedaa4c32bc5eb18c684f823d513811702
- SHA256: 7a5ce5c7be9b7779c246e68743541c9717bfcd2a10d95067b616f83e4e0e3037
- SHA512: 079295bf174c3ec474f23c0fdb502396b076c148ec9fb4ff3840fb2ef0239f7d815f0618352f25e214154f872a1a728b51ba8efb27c2c47311dc5a8922a18b17
Static task: static1
Behavioral task: behavioral1
Sample: scan000288652.exe
Resource: win7-20220414-en
Malware Config
Targets
- Target: scan000288652.exe
- Size: 1.0MB
- MD5: efdd754b5c5c0e8904e75a3626888599
- SHA1: 6082f4397931b0071e4d93dd4d37d29c8e135eb7
- SHA256: fd109cfe95d8da2681647dd8f860797e521710150721b251277ea7d1fdcc8c88
- SHA512: 8d61dd819f223a6d961a51047fa1c332d1e559b8864efca10cc80729ec16eb43ca5e10f3207d07e18836ee5d487e73f9b4fd6cdf61caa933d597ced5d26540b7
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
- Accesses Microsoft Outlook profiles
- Suspicious use of SetThreadContext