General
-
Target
d6578cfa95212240972a85887d8624f8a628b62d2ca6bc523413391a79849228
-
Size
375KB
-
Sample
220521-xgq8psfadj
-
MD5
2eac6950aa5bb950c5f14390351c12a4
-
SHA1
618058f54657e384c1d04fc0ac2fc9f41f1ae7c7
-
SHA256
d6578cfa95212240972a85887d8624f8a628b62d2ca6bc523413391a79849228
-
SHA512
edbff829fbdd892b5dd835d143ccef0fc60ad13dacec5e43891cdf1bb6f4de56b5923ba44af89437d2d6659c52fb8f2e98a902bf7c2f20434fc900d7650209fe
Static task
static1
Behavioral task
behavioral1
Sample
LOD.exe
Resource
win7-20220414-en
Malware Config
Targets
-
-
Target
LOD.exe
-
Size
641KB
-
MD5
f23480be17a427fd8e032bce73d74737
-
SHA1
33bcec04ab13d1f8cffce7910f503d7abf6354a2
-
SHA256
c5355ed49756557477936e66b14fcf0c968cdfdba663d373cb1601988cce1493
-
SHA512
efbf606b5f2fb94439f1861989e273da40b4b084d38ff52a7ec29f000afc416b183eeed96ceb6279b6533340ff2074badd5e2060f7a49b912a2d6a93c99fb3df
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Accesses Microsoft Outlook profiles
-
Suspicious use of SetThreadContext
-