Source: 0.2.__ ___.scr.exe.3965030.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 0.2.__ ___.scr.exe.3965030.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 0.2.__ ___.scr.exe.3965030.2.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 0.2.__ ___.scr.exe.3965030.2.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.__ ___.scr.exe.3965030.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 0.2.__ ___.scr.exe.3965030.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 0.2.__ ___.scr.exe.3965030.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 0.2.__ ___.scr.exe.3965030.2.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.__ ___.scr.exe.3965030.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 1.2.__ ___.scr.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 1.2.__ ___.scr.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 1.2.__ ___.scr.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 1.2.__ ___.scr.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 1.2.__ ___.scr.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 0.2.__ ___.scr.exe.4e90000.5.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.__ ___.scr.exe.38e91b0.4.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.__ ___.scr.exe.38a1380.3.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.__ ___.scr.exe.38a1380.3.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki Payload Author: kevoreilly |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects executables containing common artifcats observed in infostealers Author: ditekSHen |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Detects downloader injector Author: ditekSHen |
Source: 00000000.00000002.1613376458.000000000397F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000000.00000002.1613376458.000000000397F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000000.00000002.1613376458.000000000397F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000001.00000002.2874007006.0000000000701000.00000004.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000001.00000002.2874007006.0000000000701000.00000004.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000001.00000002.2874007006.0000000000701000.00000004.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.1613376458.000000000391C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000000.00000002.1613376458.000000000391C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000000.00000002.1613376458.000000000391C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: 00000000.00000002.1613270465.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 00000000.00000002.1613270465.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 Author: unknown |
Source: 00000000.00000002.1613270465.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: detect Lokibot in memory Author: JPCERT/CC Incident Response Group |
Source: Process Memory Space: __ ___.scr.exe PID: 7444, type: MEMORYSTR |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: Process Memory Space: __ ___.scr.exe PID: 7472, type: MEMORYSTR |
Matched rule: Windows_Trojan_Lokibot_1f885282 Author: unknown |
Source: 0.2.__ ___.scr.exe.3965030.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 0.2.__ ___.scr.exe.3965030.2.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 0.2.__ ___.scr.exe.3965030.2.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 0.2.__ ___.scr.exe.3965030.2.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.__ ___.scr.exe.3965030.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 0.2.__ ___.scr.exe.3965030.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 0.2.__ ___.scr.exe.3965030.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 0.2.__ ___.scr.exe.3965030.2.raw.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.__ ___.scr.exe.3965030.2.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 1.2.__ ___.scr.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 1.2.__ ___.scr.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 1.2.__ ___.scr.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 1.2.__ ___.scr.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 1.2.__ ___.scr.exe.700000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 0.2.__ ___.scr.exe.4e90000.5.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.__ ___.scr.exe.38e91b0.4.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.__ ___.scr.exe.38a1380.3.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.__ ___.scr.exe.38a1380.3.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 0.2.__ ___.scr.exe.2863b50.0.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Loki_1 author = kevoreilly, description = Loki Payload, cape_type = Loki Payload |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_GENInfoStealer author = ditekSHen, description = Detects executables containing common artifcats observed in infostealers |
Source: 0.2.__ ___.scr.exe.2861328.1.raw.unpack, type: UNPACKEDPE |
Matched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector |
Source: 00000000.00000002.1613376458.000000000397F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000000.00000002.1613376458.000000000397F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000000.00000002.1613376458.000000000397F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000001.00000002.2874007006.0000000000701000.00000004.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000001.00000002.2874007006.0000000000701000.00000004.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000001.00000002.2874007006.0000000000701000.00000004.00000400.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.1613376458.000000000391C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000000.00000002.1613376458.000000000391C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000000.00000002.1613376458.000000000391C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: 00000000.00000002.1613270465.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: 00000000.00000002.1613270465.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Windows_Trojan_Lokibot_0f421617 reference_sample = de6200b184832e7d3bfe00c193034192774e3cfca96120dc97ad6fed1e472080, os = windows, severity = x86, creation_date = 2021-07-20, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = 9ff5d594428e4a5de84f0142dfa9f54cb75489192461deb978c70f1bdc88acda, id = 0f421617-df2b-4cb5-9d10-d984f6553012, last_modified = 2021-08-23 |
Source: 00000000.00000002.1613270465.0000000002851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY |
Matched rule: Lokibot hash1 = 6f12da360ee637a8eb075fb314e002e3833b52b155ad550811ee698b49f37e8c, author = JPCERT/CC Incident Response Group, description = detect Lokibot in memory, rule_usage = memory scan, reference = internal research |
Source: Process Memory Space: __ ___.scr.exe PID: 7444, type: MEMORYSTR |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: Process Memory Space: __ ___.scr.exe PID: 7472, type: MEMORYSTR |
Matched rule: Windows_Trojan_Lokibot_1f885282 reference_sample = 916eded682d11cbdf4bc872a8c1bcaae4d4e038ac0f869f59cc0a83867076409, os = windows, severity = x86, creation_date = 2021-06-22, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Lokibot, fingerprint = a7519bb0751a6c928af7548eaed2459e0ed26128350262d1278f74f2ad91331b, id = 1f885282-b60e-491e-ae1b-d26825e5aadb, last_modified = 2021-08-23 |
Source: C:\Users\user\Desktop\__ ___.scr.exe |
Process information set: NOOPENFILEERRORBOX |