General
-
Target
950d6197cf6e68389f68e0664307fb4d6a86a0f337b21f40932fcc324a34d031
-
Size
364KB
-
Sample
220521-nxm2jsecd3
-
MD5
417158e1da987355472aed8e20b99878
-
SHA1
9dd39f29f9ee1fa36344a58b165b4cbb16da1381
-
SHA256
950d6197cf6e68389f68e0664307fb4d6a86a0f337b21f40932fcc324a34d031
-
SHA512
3e0e0e3e081a71bc75fdc80fa7bded71203b88ee06d8a0205b22d2e64f7a16a3d2400d5b448862c26661d926f1c91219ea0bb9245668f5b47183405009ef7100
Static task
static1
Behavioral task
behavioral1
Sample
INV10228552.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
INV10228552.exe
-
Size
587KB
-
MD5
9b1da0d410a48abcdc29930250b4805f
-
SHA1
7f7bb86389a3828aa0ef134da0c5105eca9ac407
-
SHA256
690e6eabcc269b5c5a1d27e4bce683d71a3ef5124401d6c464fd1a2935a3e577
-
SHA512
dc773293bb64f540d87e436333ce67c552de5dd11324c70f75b31b851c7f25be7fe1c7b27f11da96451f39a5225a4b4ab2d4753b804302af92875682a42ed583
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-