Overview

overview

10

Static

static

PO_NO.2311...ly.exe

windows7_x64

10

PO_NO.2311...ly.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9b183c1c75980e354b15479a73ece20256aa95a1f202284a4914630f556c0020

  • Size

    387KB

  • Sample

    220521-xgxqgsbfh9

  • MD5

    52ebb3323d9e4fa93ef6b1094d2c6e77

  • SHA1

    7897027d683144e51f4aaa41ce8399207fc8ed34

  • SHA256

    9b183c1c75980e354b15479a73ece20256aa95a1f202284a4914630f556c0020

  • SHA512

    c0cdd67c8551c423a4bc39a668d96c59cb2040d92c67cd36e57a6a7bc0996b49740de872be447eb259865d018147d007b2d81dc889ec6abe89cfb648f8c34199

Score
10/10
collectionspywarestealersuricata

Malware Config

Targets

    • Target

      PO_NO.231101-ENQUIRY Urgently.exe

    • Size

      672KB

    • MD5

      e8056167fda62ab345a642116eac4797

    • SHA1

      22803cfc7c938439e3eb7becf61d1e4218d449bc

    • SHA256

      0af98d66b8e07f0ecd7b08b403045c4ee83b402304b723d65afea8041a3db962

    • SHA512

      12558781d805db53d901c09d06a9bd542008ba6bf9f8e17c8c198c8b8fabc9de0f6ae23d924fedd46ac7699dadbb0c46be9fb060352d4de27fdf4567f18b3103

    Score
    10/10
    collectionspywarestealersuricata

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks