Malware Monthly Update April - 2022

Malware Strikes

Each strike below is listed with its Strike ID, Malware name, Platform, Info and External References, followed by its SHA256, SHA1 and MD5 hashes. Polymorphic strikes additionally carry a reference for the mutation technique applied, the PARENTID of the original sample they were derived from, and an SSDEEP fuzzy hash. Note that the MITRE ATT&CK links use the technique IDs T1009 (Binary Padding) and T1099 (Timestomp) that were current when this list was produced; ATT&CK has since folded them into T1027.001 (Obfuscated Files or Information: Binary Padding) and T1070.006 (Indicator Removal: Timestomp).
Strike ID: M22-M401f
Malware: Banload_66b8cd3b
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 372c47dbe69f8d2e4b17307d0e2217e03f2ff58d919cf190ead55f8f82471a76
SHA1: 0b4399d492428519110b4d47c3797cf38e685a96
MD5: 66b8cd3b1eb25169bf41beba0fc5c788
Strike ID: M22-M4014
Malware: Nanocore_38cee96e
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 40df493c4a50394fa3b2e482afc505bfedaa459f03d89986786c4b6ef3567d30
SHA1: 9ea765bc3d90ac852c479f8112f40c66054524c6
MD5: 38cee96e344836bcf081a164e1499cd8
Strike ID: M22-M4060
Malware: LokiBot_5d6e02f7
Platform: Windows
Info: This strike sends a polymorphic malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. The binary has random bytes appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 469e335bc86bf64c02119e25b3a7ba2e3cda81f6caa688a853a31660ec530fb5
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M4056
SSDEEP: 6144:viGuElqq+5tom1lGRvxDe8yITrLUbgPmNO:viUEq+cm1GpxTrSXO
SHA1: 0fd289932941c2195a7d3f88c515d2583f782927
MD5: 5d6e02f77ca51f9a8d22da843ee87791
Strike ID: M22-M4040
Malware: Banload_c4d27160
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 6e88c0fc568192968be1ea2c0242bce09141b8b151b469a9d378b66c32909207
SHA1: e038f73943676207b8a294897a9c1f66291ddad7
MD5: c4d27160fcce47b741bb2dad01d63b20
Strike ID: M22-M4059
Malware: Lydra_0af3b3f7
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has random strings (lorem ipsum) appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 615f9ebc63f95f1f24a1fa2d2c12e168ee4366da175c7d3fad894bb941588ee8
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M400d
SSDEEP: 12288:S5kXzk3f1nZaJl2qIYGnhT2AsnPiKySRsxy8iZV1nUIW2eZ/8djVOWDvqb2bxq9b:qYwpZyl24K2AIPiK0K/5Hbi8djIWw2bY
SHA1: 1c51ccbaf55a263dcc79275dca612955a4857993
MD5: 0af3b3f763055e7c0437e5f0b57eaeaf
Strike ID: M22-M4047
Malware: Banload_d93d32b2
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 219eacfdeef7b353ece6c4c8565d117724b4eaf8a386744291e62850b6397a0f
SHA1: 5eaf9c3cc686090c2885f13b115a73423cb838b5
MD5: d93d32b2df1365aba50a850cdcf9ac41
Strike ID: M22-M4049
Malware: Banload_deaf3862
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 08f4433c7d01f6ab5e7913900e2b01107108bedd1a616836ad06659622fd6031
SHA1: 0040e6440f338eb2b6ea6ac5c1dd089b88e1c2cc
MD5: deaf38621cc351ca073766c3217631d0
Strike ID: M22-M400a
Malware: Lydra_1770b93c
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 9479afa1493073b4eaeb85046180765e880c7b8858758ddc4417e543f495e890
SHA1: eba0040e227b6edc40b84481b845f868bfc3ee1a
MD5: 1770b93c9a0507f45d89744818055350
Strike ID: M22-M4011
Malware: Lydra_2cf374f0
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 5e1caf77eec956a0a0ca4f1698852d697a8bc01cda546ac447e089844a32de4e
SHA1: d2bcd840dc43c45d4cb3c2eee07ffe7c4f04ef5e
MD5: 2cf374f0fc3fe25804ccf3a30d30362d
Strike ID: M22-M401b
Malware: Nanocore_5d1b8c65
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 36c5b920e561d5dd5c946d8005823d7824aa0413b543c0a02c5d205d47399479
SHA1: 2d51ae9f60010bcb34ff7d0bc0bc3787a2dd09ad
MD5: 5d1b8c65e931124a25d4b51f0b5a3562
Strike ID: M22-M4004
Malware: Banload_07816243
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 72e2512c5f40728072de1ebb947f8933dfb2b2db39a94c95c18e83b27f290d01
SHA1: 793e52eada42de33a26abbf6e00c114053280a84
MD5: 0781624361d6a6f65cd2c114ec4d800a
Strike ID: M22-M4038
Malware: Nanocore_9fdc8981
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 45319a1170865bb1328f449b5548f36d6abdcf3a949e2621d63d2bbb4989dc14
SHA1: 574b6403539da25e33d7b77aa4947914e1e5255d
MD5: 9fdc898122e5048dd40054608952290c
Strike ID: M22-M4015
Malware: Nanocore_3b72cad1
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 48376b001034bf0016b7096f4ce337f537738ea0ba99be14705ec513af5cb3fa
SHA1: 9e7cfe9c0d7fff33cd8fea71899ef20e1282da09
MD5: 3b72cad1541f9f0e9723c7b6b462cfb3
Strike ID: M22-M4029
Malware: Lydra_74059b01
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 2cddab879e997d08b85ac4ccafeac2ff7433ab5d48e52dd5dd930fd471485e03
SHA1: e1818d6cd224e1e86a3e79d153c14e5db8a59371
MD5: 74059b0184b8ca790207caa5ef25680c
Strike ID: M22-M4061
Malware: Lydra_5f1583c9
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has random bytes appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 322f02a1c696951ab36e8f05db16d33ad56b92fbe9103bdc853a4ae3261f1ee7
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M4010
SSDEEP: 24576:fDJkk/Zyl24K2AIPiKnw84YdEf/5Hbi8djIWNw5X:fDJk8ZyQ4D3w84s8ZcWw5X
SHA1: 87a6de2bb04b8e292a2f71003394ddf10613f94a
MD5: 5f1583c98600b138a80b5940dc48b78d
Strike ID: M22-M4068
Malware: Lydra_c92de4ae
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has the timestamp field updated in the PE file header.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 5e04b393e8848480e5833c199209ab55b9d7441a78e27440e4e6c239e6ace278
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M4010
SSDEEP: 24576:+DJkk/Zyl24K2AIPiKnw84YdEf/5Hbi8djIWNw5R:+DJk8ZyQ4D3w84s8ZcWw5R
SHA1: 49ab71d48cf6b2c1c3f4b737daccb84638c3e86b
MD5: c92de4ae19118495095c6c37af78ac10
Strike ID: M22-M4016
Malware: Lydra_3b96101a
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 53545c5ae81ea8b75a6fa94331aa906271adcaddeae675817a25650e8a874e43
SHA1: a9039ed3fac9a26119ec687f84b2e168b9b885ec
MD5: 3b96101a3bb9cfc85a0dc6992a465384
Strike ID: M22-M4044
Malware: Lydra_d432eb6e
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 2b46dd145a0ce192005b3810dbcccf4e954fdeb83e447dcada03b899b0ed9ae4
SHA1: 020821b146385b167915b95d5de574af1339a1e7
MD5: d432eb6ee625acd6397249c1aa090832
Strike ID: M22-M4054
Malware: Lydra_fd5fe179
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 31c50e33c2f46b0e3fd16769df950caae32d0b0f39e2dfd9352e4ad610566608
SHA1: fd07cb5c8882a20ec38baa5a102647e06a543f40
MD5: fd5fe1794394752c0731c8bfad7ef61d
Strike ID: M22-M4066
Malware: LokiBot_ab04f52f
Platform: Windows
Info: This strike sends a polymorphic malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. The binary has the CheckSum field in the PE optional header cleared.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 4dd792e3a9d3ebd7760520bb6bd1021fb549706a2dec31edf2e8ed8fe9f25411
https://arxiv.org/abs/1801.08917
PARENTID: M22-M4056
SSDEEP: 6144:AiGuElqq+5tom1lGRvxDe8yITrLUbgPmN:AiUEq+cm1GpxTrSX
SHA1: ff23356750b0c1d46a8f87a4e00b0ce44d1b47cc
MD5: ab04f52f3035256aa8b91ad784fd6724
Strike ID: M22-M402a
Malware: Lydra_77eb6d25
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 5e2082ca86065448d21059b22422a3923d020c2a1b2e54b863b73adf4a8aa04a
SHA1: e7b8b3551de19d10e15e9c4866f90a2453dca80b
MD5: 77eb6d2555b1bf5020c3ed6c96c36914
Strike ID: M22-M406b
Malware: Lydra_dc303021
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has one section renamed to a random name that still conforms to the PE format specification.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: b22a392253fa1e3f1cef9624efe2900ee10402f02b4e2a1ee521794a5800cb6c
https://arxiv.org/abs/1801.08917
PARENTID: M22-M400d
SSDEEP: 12288:15kXzk3f1nZaJl2qIYGnhT2AsnPiKySRsxy8iZV1nUIW2eZ/8djVOWDvqb2bxq9S:PYwpZyl24K2AIPiK0K/5Hbi8djIWw2bh
SHA1: e14ff9321b4b2247febe65c424d562c82c91d9eb
MD5: dc3030213c6d17ccad1dff4bc9201872
Strike ID: M22-M402d
Malware: Banload_80cb5601
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 061f5fbc2bd1520c16d7f44644ff3dafa1e6a3d54968a9cb14597a6f6600f2cf
SHA1: 70ff9494bce081f8700aa626b4e13b473972ed05
MD5: 80cb5601683bbc10eaa9bd6c0a69ff29
Strike ID: M22-M4045
Malware: Lydra_d5c033ac
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 3acbb8c2603812159c09e2d8a55bf0d0f51caea52bc478c7ce25c13c019bcf78
SHA1: 37d0855d272892927205e2c2e811124026336131
MD5: d5c033ac824b36409ef2db6ffc040fe6
Strike ID: M22-M401a
Malware: Banload_57890324
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 1eef3dccbe68b4fe916f8300a17f3e7113128fc70339d0cb44d5037a8f282233
SHA1: 48785845ce7ae86c0c7784d9828bebf135a11a4e
MD5: 5789032400a88264ddd37c1599304bd2
Strike ID: M22-M4067
Malware: Lydra_afec8070
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has the timestamp field updated in the PE file header.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 7d4b46b745b2cc95cf65307d253d4053d402df64024749304fdd049be606ef51
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M400d
SSDEEP: 12288:R5kXzk3f1nZaJl2qIYGnhT2AsnPiKySRsxy8iZV1nUIW2eZ/8djVOWDvqb2bxq9S:7YwpZyl24K2AIPiK0K/5Hbi8djIWw2bh
SHA1: 4231bb806ed23874fbfadaff2c05ed7467f1748c
MD5: afec8070f50efcc17d2ed37ecbb62836
Strike ID: M22-M4046
Malware: Nanocore_d8661f7d
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 2300264d67bb1e27e5d716c1b890c448212ed46e76ddbf886b1a4f9f5bc66beb
SHA1: bb0ce041fba4de2d183c8796bf64cf3a78ea3f3f
MD5: d8661f7d65f4a2123b5257131c8ba54c
Strike ID: M22-M405c
Malware: Bumblebee_23c611cb
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns and has been known to deliver shellcode, Meterpreter, Sliver and Cobalt Strike. The binary has random bytes appended at the end of the file.
External References: https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
SHA256: 7370703798ce709cf95253375d619bf32bfecf90fc9488070642b712acdb0d9b
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M404c
SSDEEP: 49152:KR7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLXr:VqSv/J7H+M91rmpzr
SHA1: 4ac30befebdd920a4daac14294246811949466e0
MD5: 23c611cb0d5f3d9d18f24eb1155d14da
Strike ID: M22-M4056
Malware: LokiBot_ff0e4f8a
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 153cfd3b0e0aa6b8b3145dbc33f5916e28464296dc95622a3d26aae72545407b
SHA1: 60533311017617f0501ac8beebf22bad19c4c5aa
MD5: ff0e4f8a8a1bdd195568c08aa7ed885b
Strike ID: M22-M4007
Malware: Lydra_0eddb35f
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 15d97d53e293b73f3d0337d6ce94554159fa686f831f0adaf7acb0ef5851c3e3
SHA1: 580fb14472b733b5a243da5a0130e9fce1afd23a
MD5: 0eddb35f4053a1560d8e615a692bacf2
Strike ID: M22-M403b
Malware: Lydra_be8460bd
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 14b9ceba92c03832303b4e168ae02040808d4627ae7eec3d9ae6f10d548c3de0
SHA1: b76669d8bdef04e07532b978ea57983f77bdcb9f
MD5: be8460bd64827960aea8b219e2d3fb3a
Strike ID: M22-M4062
Malware: Lydra_801ec30d
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has random bytes appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 4fd026798203c7881526d73368d9b89af289c25f82508dce0897108d2ffee4a1
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M400d
SSDEEP: 12288:S5kXzk3f1nZaJl2qIYGnhT2AsnPiKySRsxy8iZV1nUIW2eZ/8djVOWDvqb2bxq9R:qYwpZyl24K2AIPiK0K/5Hbi8djIWw2bS
SHA1: 55ba4364bb83644153d37cd9ff2e972be3890ce9
MD5: 801ec30dfa8188cc0c6a81955564956e
Strike ID: M22-M405e
Malware: LokiBot_2f6f3af9
Platform: Windows
Info: This strike sends a polymorphic malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. The binary has one or more imports added to its import table.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 83316ae9fac648fd60c829e6d67e4a6de6ddd35ecd7766d9f96dc82d2db70d69
https://arxiv.org/abs/1702.05983
PARENTID: M22-M4056
SSDEEP: 6144:MiGuElqq+5tom1lGRvxpe8yITrLUbgPmN:MiUEq+cm1GpHTrSX
SHA1: f869f5d5f71309ebba9fe5149259e26314190ce3
MD5: 2f6f3af90b6df93d8d98909ca888a2ed
Strike ID: M22-M405b
Malware: Bumblebee_21c886ea
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns and has been known to deliver shellcode, Meterpreter, Sliver and Cobalt Strike. The binary has the timestamp field updated in the PE file header.
External References: https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
SHA256: 9fcce29e265440008d2921e28da643901044998efe06279340161868cc762ad1
https://attack.mitre.org/techniques/T1099/
PARENTID: M22-M404c
SSDEEP: 49152:lR7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLX:mqSv/J7H+M91rmpz
SHA1: a8495b46cb81a22b8ca337f3c7eb07d60ee3ad7a
MD5: 21c886eae8ce6dcef907160e430bba92
Strike ID: M22-M4013
Malware: Nanocore_343a00e0
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 0f3819365183904f2847e83c0e4c0b74abe59630517dcb426ba460bc0289f68e
SHA1: 4b159434886459b344d4a798dbfedf0ce79e8e06
MD5: 343a00e0236966f55dcd7f7793821ea3
Strike ID: M22-M403e
Malware: Nanocore_c24e32e2
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 355de03119506a646343e7bdc80c930128228a31b5cda9fc604e78c3339cd15a
SHA1: f99f79767b28610d570bbb88e292e25539d9fad1
MD5: c24e32e2f5e4dcd95f76722619b1c0a1
Strike ID: M22-M4035
Malware: Nanocore_97531e3a
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 0fd82328c74f24e7628f8f5b057d1f4c4c00111cdfc32ea375f566bd83767c93
SHA1: 46ffd4c2de12166c8bf7e59399a2bdc4e4ccb914
MD5: 97531e3a2e53b602f0fe470d0080f568
Strike ID: M22-M4069
Malware: Bumblebee_d11663fa
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns and has been known to deliver shellcode, Meterpreter, Sliver and Cobalt Strike. The binary has random strings (lorem ipsum) appended at the end of the file.
External References: https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
SHA256: dd846fdbd0628040042b25017f716f2157fce108e7a967a3d67c3aded21e6cd8
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M404c
SSDEEP: 49152:KR7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLXD:VqSv/J7H+M91rmpzD
SHA1: 926a135b55eedd089e22944c3f9da46146b5d392
MD5: d11663fa06c252e4601c21fc7233603c
Strike ID: M22-M403f
Malware: Lydra_c38cc376
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 1cc4db7bd0b80b86907654bc7cffad4cb075836a47386324cffa3090ec26ce85
SHA1: 53c2f0b291c96a476fc553a4734d25849c8d6739
MD5: c38cc3765d0716273c8ed79329236862
Strike ID: M22-M4009
Malware: Lydra_1197632f
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 313b0792573b08e5ad6266858c45d624da6b759f0cd36e7a140b60479a192a12
SHA1: e47102c2e0acce11937505f1203677684759d1db
MD5: 1197632f08b212c0eaa0826a24126771
Strike ID: M22-M404e
Malware: Lydra_efceda07
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 0f166551e865da185662a2f71ef0d64521f1554be174c0f7e2bd8d44d02ccc69
SHA1: 25c17ab09bb33a8f3838a3774bfff25f7598f89f
MD5: efceda078559280ccc602f9ddc4dec45
Strike ID: M22-M401e
Malware: Nanocore_656265f4
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 32a8fadf13aea651d7de1c2204f9ca34240e9ca112b96f86eac59c55b1565959
SHA1: 02182c2c4612dc1985aff097e1313eefcf341d3d
MD5: 656265f4773e9fce528b9dd1d3685c5f
Strike ID: M22-M4032
Malware: Banload_8bbc6745
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 578415c1ead7c074899c39062af2afcb3dfd614b564b2cfbc459bbeae8e950ce
SHA1: 0da92b56b06645fdc87bd76c209d1c6a633df3d1
MD5: 8bbc6745481a14d26d118c7a36dbe57d
Strike ID: M22-M4039
Malware: Nanocore_a7755817
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 0a44490562afa0b283ce371cc320340db6e77665fee1525551eb9673b88cbedd
SHA1: 39cd214fd219ba80c674ba72c3c85effe8f6b0d9
MD5: a775581737895ae440ada6d5eb68f1b4
Strike ID: M22-M4037
Malware: Banload_9f95f5e6
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 7a81b340e62044d7611d4a6a105b1d1eea78a259513d5767dbe4931c6e6e5504
SHA1: e20a34647ac602598a6e8c810bdacea9c0b5a865
MD5: 9f95f5e64e39f57da72e25d609f64586
Strike ID: M22-M401d
Malware: Banload_5f4c32fd
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 5d0d5ff7e8f13ec20a843639956327ab5dd568cce99e92e0ac10ad7223617a45
SHA1: e7f587756204d41851d8a7243f954f7151378aeb
MD5: 5f4c32fdc71c7d660158b4a4e5f0cc73
Strike ID: M22-M4006
Malware: Nanocore_0df610ea
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 4268f21ca6e9828bb3d1e3d83023afb59d9bd7f8bd80aec20949747f28eef2bd
SHA1: 5c01ce7b25a01bc9cde659cf2701b7594517f18a
MD5: 0df610eaf1432e0b18aa27e4eabc931a
Strike ID: M22-M4058
Malware: LokiBot_01f2e3a9
Platform: Windows
Info: This strike sends a polymorphic malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. The binary has random content appended to one of its existing PE sections.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: b6b7b0f13f6ec7dc365ab2df9f6ea3addcf6349d82153f88ee90a7fcdb5cd0cd
https://arxiv.org/abs/1801.08917
PARENTID: M22-M4056
SSDEEP: 6144:viGuElqq+5tom1lGRvxDe8yITrLUbgPmN:viUEq+cm1GpxTrSX
SHA1: f56e340407b748f185bd6f17e067e94c97110371
MD5: 01f2e3a946d22c470784c71b442a2901
Strike ID: M22-M4024
Malware: Banload_6c2ad02c
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 357e7e3938085403df07804b7df5bfb204383383e471dcc8fadc621e0827fae6
SHA1: b99884e185f8a2648485892bac4067fd44f820fa
MD5: 6c2ad02c4757738a272804d6d9bea945
Strike ID: M22-M4028
Malware: LokiBot_6f06a830
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: f766b8e7d891d8cfe0ac028a7b81856e060305051f499a7567e59587a922be7c
SHA1: b1d92cb2ed3660ea44afbf16bf1c6787ec8106f3
MD5: 6f06a830e7610d4f2e9a1a5c2a4b542b
Strike ID: M22-M4019
Malware: Nanocore_5345f05c
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 321475afa7b20e9f0365e632ff78a7cf4a41069a8ab60c9ca1cb1c432e28e8fb
SHA1: 54ef057394aff06c7732e50432e5cb6a0f5fc500
MD5: 5345f05c846bcec9128116d080cc8aa8
Strike ID: M22-M405a
Malware: Bumblebee_171e9b04
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns and has been known to deliver shellcode, Meterpreter, Sliver and Cobalt Strike. The binary has the debug flag removed from the PE header.
External References: https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
SHA256: 5784bf194bf7301dc13c2ee4c0ace3cb8d095eefde82e7204fe64e334d5f7783
https://arxiv.org/abs/1801.08917
PARENTID: M22-M404c
SSDEEP: 49152:6R7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLX:FqSv/J7H+M91rmpz
SHA1: 5543bc535f9803afad124f8f6a1bad8b7b8c6449
MD5: 171e9b04a8b64c8b131c2d97bdc77879
Strike ID: M22-M400d
Malware: Lydra_26d60427
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 09f2388dacbe3d50df9f104bba77ffc8866e2d71827eba15a53f8fc943c1d59e
SHA1: 05ab56cad631c8404d9ac2b461488387b8d0be6d
MD5: 26d6042786097f5611ca308e85cf45fa
Strike ID: M22-M4042
Malware: Lydra_cd9194b6
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information such as passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 128f9fad1fd6d4c61a2f5fb3ee5bbd5bcabf15f73c89ceddd816102e52156bc3
SHA1: 038636671718a571f6f6332c85cf228502c25e5b
MD5: cd9194b61a41fa54750c3a0c8c8213b6
Strike ID: M22-M402e
Malware: Banload_817f6461
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 5cb4672e1fdec37c22b06e3f4eb6ade056d96967811818c1a66066c52184783d
SHA1: a7198f87dca906362be2dacd591f72963d802ea4
MD5: 817f6461ce3b8252058920db2cfc9942
Strike ID: M22-M4023
Malware: Nanocore_6a98fe51
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 218da733de5fd562ba8bbe14ce5f45ea05efbe4eb777494e04e25bcc26453c3c
SHA1: b6080ec0d8b5cf454ab17c36b7a8a0001851eff0
MD5: 6a98fe519e79a71d03da47d2ae68d529
Strike ID: M22-M4055
Malware: LokiBot_feb2366b
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 78a241cb500e2d69b09e031983af0ccdbf00e090ce1b25a468c07ebd42368250
SHA1: 393280a691a15d97e8d4dbe161aa7d8d98bf6770
MD5: feb2366b62e5204c8b4f70efc8a297d0
Strike ID: M22-M400c
Malware: Nanocore_1f9b44c9
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 1b57755d46a6257a0ebe36dd0a6c79550c64d7e53e15b856ba844b37bcb0970a
SHA1: 9d01758d26a5741e9cd5d4657a91c47ac0f7098b
MD5: 1f9b44c987c087f9ac0df45510701795
Strike ID: M22-M4048
Malware: Nanocore_daab0fbd
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 3e0d4dd9d8474170103e384e2a2fb6d535257bc7340f1fec5fee6be613026eec
SHA1: b80a817f77e2fca4b1390b743eb290e074783e6b
MD5: daab0fbde90d733f89e781e6613a88e6
Strike ID: M22-M403c
Malware: Nanocore_beb5e37d
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 0bf8c2d09aef9aa0b347f71a96e4d496999a50289e2d165d4beb70a65341e8ba
SHA1: 0d661c89ad1a34e1f5da5d1bf326be0be8b78c85
MD5: beb5e37de290abb7ad40624b67ffe93a
Strike ID: M22-M4051
Malware: Banload_f9606989
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 375259b9f3d308a8617b072a915381a636a715ea81978ddedb6f2499bbb46f02
SHA1: 2ef805b70119cf85a69a71b1432f82f2256f2ac0
MD5: f9606989388e71a12e1fb6e0ee1b7210
Strike ID: M22-M4043
Malware: LokiBot_d2cf28ad
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 8d7af5c4f9ed587f532e5d34a12a7f6bb600a9988bf3697075b2582513999f10
SHA1: 9ffbad9b4ea5362b7e7c595d23d4ea6f5c19c7b6
MD5: d2cf28ad06a13f24e906790eae874fb3
Strike ID: M22-M401c
Malware: Lydra_5eb3637d
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 9024c00da7dede2b35fcb56b31ab2fd863ee21bd0544b242823585af7b6edff7
SHA1: ef9c5180d207760c29df0c0d3ea04a1efabdcad7
MD5: 5eb3637da49f89486eb76a70cdbd4ed7
Strike ID: M22-M4052
Malware: Banload_fbed3502
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 39c7d0a1168f924b67a457bf741540fe4d1e3b14723cec4898c700f42ee3f75f
SHA1: f795a41ddb26a0c0fdb692f916318f5a8179cc2f
MD5: fbed3502397bc90ac4008f6593c666a6
Strike ID: M22-M402f
Malware: Nanocore_818a1477
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 06a7efd4edec1fb0334aa83b381d6d378a093747550ff6d1b02d1b9c279a2df4
SHA1: 6f00fbd5c926d66bf6d6aee67d5435eefb66c819
MD5: 818a1477cbbdf0888524352ff075e68f
Strike ID: M22-M404b
Malware: LokiBot_e378a018
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: cf14f4abcf042298b59bcfb17035fbd3fcad5fcd7b5d3969b9eea24f70853add
SHA1: c072830a71dafa0ad3d4f391dd9bc268cfca3d2c
MD5: e378a01869a371d579f14129b6ef6c7b
Strike ID: M22-M4018
Malware: LokiBot_4973f991
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 2428e37a7c159b8094fcd1437fa361469d5cf9f24e64c5b263ff7ee88fd7313b
SHA1: e4ba89e39e37f93ea763c6d0e68a40bc6aed08d2
MD5: 4973f991a4f80bb49052af30e8922a17
Strike ID: M22-M4001
Malware: Elephant
Platform: Windows
Info: This strike sends a malware sample known as Elephant Dropper. SaintBear, also known as UAC-0056 or UNC2589, is a malicious threat actor group that has been tied to the WhisperGate and WhisperKill attacks against Ukraine. Elephant is a campaign that begins with a phishing email containing a macro-embedded Microsoft Excel document, which drops a Microsoft-signed Elephant Dropper named 'Base-Update.exe' written in Golang. The dropper decodes a C2 address and retrieves the Elephant Downloader named 'java-sdk.exe'. The downloader, also written in Golang, retrieves the final stages of the attack: the Elephant Implant and the Elephant Client. The Implant, named 'oracle-java.exe' and also known as the GrimPlant backdoor, allows the malware to communicate with the C2 via RPC requests. The Elephant Client, named 'microsoft-cortana.exe' and also known as the GraphSteel backdoor, steals user information such as Wi-Fi data and browser credentials. This sample is the Elephant Dropper.
External References: https://blog.malwarebytes.com/threat-intelligence/2022/04/new-uac-0056-activity-theres-a-go-elephant-in-the-room/
SHA256: 9e9fa8b3b0a59762b429853a36674608df1fa7d7f7140c8fccd7c1946070995a
SHA1: 265a613ac405e6c3557e36a19f0ead2d18638cb0
MD5: 06124da5b4d6ef31dbfd7a6094fc52a6
Strike ID: M22-M4003
Malware: Lydra_06fa2eb4
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 810591beb27efe7b5a6e052247f872a128c6b2e08b6d2f02bf9ad3760293807f
SHA1: 915300506605daa46c99f7868b9fbfd59dd16188
MD5: 06fa2eb46ad814569baadb2549fd27c3
Strike ID: M22-M4027
Malware: Banload_6d1bdafe
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 1cb3411d3b74e5b641c87d836c23bd3e4488fbfd68168e550f93f5e0a952b99a
SHA1: 58abfe39779f0eef9371a40395e3aedf532ea498
MD5: 6d1bdafed059c665ed9abca1c5f55767
Strike ID: M22-M4025
Malware: Banload_6c65c7e6
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 3a40c2b7f384ca5ae335e394b944778eae4c0138ec56e01b0656be9025ae6951
SHA1: 7bdae42eb895d8dda6d837a146c201a24ef738df
MD5: 6c65c7e6a017df322ef5f3f5746b933a
Strike ID: M22-M4057
Malware: LokiBot_0160f5c8
Platform: Windows
Info: This strike sends a polymorphic malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. The binary has a random section name renamed according to the PE format specification.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 467a7d91c8e36f20ffb74aa6b8480cdd71c636779ab1af49d00dd43da5e464ce
https://arxiv.org/abs/1801.08917
PARENTID: M22-M4056
SSDEEP: 6144:SiGuElqq+5tom1lGRvxDe8yITrLUbgPmN:SiUEq+cm1GpxTrSX
SHA1: dd8c719b7a5dd4a13f7ba47470c81336b180b835
MD5: 0160f5c8e9e1e2676d8d1f253ce8f8a8
Strike ID: M22-M402b
Malware: Banload_7c5d1fa0
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 14f30b9128a38b31ade71a6e8a94bb1aee6c361e92c7c24dae9fb9b36e027edf
SHA1: a2612f62d37a21e01e043a6b8057126d12aa6b1b
MD5: 7c5d1fa04c00c879d314027f037e0abf
Strike ID: M22-M403d
Malware: Banload_c2076b76
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 117bdceaa7d909bda125a9bf75c94d43c14801fcfb2be2103f840c819ba1bc93
SHA1: c3adecd9090fd8c9e84fb854ed72a9d7312b4c2c
MD5: c2076b766832250f6a662167587ff22f
Strike ID: M22-M400e
Malware: LokiBot_2986dd0d
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 2936b663d2b774656e7e71b15b03cee2e119bb9e5e0b3b4937186231854f059f
SHA1: 16e7fa91e2966cf6bf8b1ba6cff1b0532919d952
MD5: 2986dd0d1fc472a96a02c5ef9644c1d8
Strike ID: M22-M4053
Malware: Nanocore_fbfbb66e
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 039d907add08d646102f91cec4fd8f41e769a9ccdc702a0cfe614a5ad0da0ea4
SHA1: b5fbb1e2e29dcecbfbe328b9cd09f5b6513956d7
MD5: fbfbb66e81bbbd6156f6c62a5b5ee138
Strike ID: M22-M4065
Malware: Lydra_a6bbb58c
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has random strings (lorem ipsum) appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: c035f4dfa78dafdf1436453e23f2adef4511604b83aa36d97a3b300a98cbf2ff
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M4010
SSDEEP: 24576:fDJkk/Zyl24K2AIPiKnw84YdEf/5Hbi8djIWNw5I:fDJk8ZyQ4D3w84s8ZcWw5I
SHA1: eaaeabae5ad3cfc3cb5b0259a53d6c300ff6c7a0
MD5: a6bbb58c1f7c4f0922dfd96c4b79236f
Strike ID: M22-M4031
Malware: Nanocore_8b4b1d7c
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 186979ef685f3a500a5c4d5d11421e0973d9584e0c95005ec89373236fe72abf
SHA1: c1e0da1e306bb5ff5689c015e9b33bd197b8ae8c
MD5: 8b4b1d7c42d2db7f3a5ccb826ab1c894
Strike ID: M22-M404d
Malware: AcidRain_ecbe1b1e
Platform: Linux
Info: This strike sends a malware sample known as AcidRain. AcidRain is a wiper malware associated with the Russian invasion of Ukraine, and was used in 2022 in an attack against Viasat modems. It is a MIPS ELF binary that performs a wipe of the target filesystem. The malware also shares some common linked libraries with the VPNFilter plugin 'dstr', which was meant to wipe devices.
External References: https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/?msclkid=ca40420bb10711ecb81c3cc4ca9556b9
SHA256: 9b4dfaca873961174ba935fddaf696145afe7bbf5734509f95feb54f3584fd9a
SHA1: 86906b140b019fdedaaba73948d0c8f96a6b1b42
MD5: ecbe1b1e30a1f4bffaf1d374014c877f
Strike ID: M22-M4002
Malware: Banload_06d7088e
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 381dcc8dfcbad074115ba93780a7275ec0d3a3004850597a4dafa7a29851e2e7
SHA1: d67353f7784e2299b968fe937f63ff274434630a
MD5: 06d7088ee3d6560a888025a8c28cabe0
Strike ID: M22-M4030
Malware: Nanocore_87bb61d6
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 2e3b6eaaa432ed0491cb75301646d0820489b2dd04cbb3dabd5332054a8e7dd8
SHA1: 888c043b0beb8725bbd109c009c95ed79641b535
MD5: 87bb61d698092811de9c9608eb3535fb
Strike ID: M22-M4050
Malware: Nanocore_f28a8791
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 206ff86eaef9ebe2f7179916fcb3a2ec788c2c7c354ebce72d6b843bae446681
SHA1: 56d9aff13a0f9255c2a6456fc34589442102e9ac
MD5: f28a87919c239a05f71658d8708548fd
Strike ID: M22-M4026
Malware: LokiBot_6c8a1688
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 314f45ffb068c464f1ecad8aff18f23693ff5857057f862a7a830b64e1fd2849
SHA1: 7ab5a8a027df0f10ef8bfb667b96b0eb10190532
MD5: 6c8a16888e371f15f0b018fb0ddaae2e
Strike ID: M22-M4012
Malware: Nanocore_2e2dfbb1
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 3d78ae0a3dbd639b87b905888b5535e2a41e5ce3fe57bc9f1cc3c3a5a0523b24
SHA1: 005c33757e915751fb386d63acaaa1568b892d3d
MD5: 2e2dfbb18adceb71d6785790792b5fd5
Strike ID: M22-M4034
Malware: LokiBot_92d1f7e5
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: f52025ad2e051afc5b3a48f9b84d88c929a1a27df132c78be3956e34f7ed473b
SHA1: 5d443129743f48695089ffb822b1e0ddebba0a89
MD5: 92d1f7e5f1d35e4c3744798b583da7e8
Strike ID: M22-M4008
Malware: LokiBot_0f454af3
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: a4fbcf0da39f90df5791fa1f3908403eb99e2cf21fd02d069501e2833dc24bfd
SHA1: dc341247add5c6ab99bf3c4768bbe6cf27ecd015
MD5: 0f454af34a3a6e3a26db1bc14e0c1ee3
Strike ID: M22-M4020
Malware: Nanocore_677d8f9d
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 186ccc173ff83160dc51bd63a4498fc31ac410ef4c9449dce6a95d8aaa083fc1
SHA1: 3b54122884531314447d5eea1395dcdc8184b05e
MD5: 677d8f9dc4f65fd974e3df7d579d2205
Strike ID: M22-M400b
Malware: Nanocore_1a74354a
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 020a7f0aa3a9236e11ae59e0451e1cee322d8cc274f152e5d5050ec39e32ebf1
SHA1: 9fc074042b0b7d770b4865c28181d22479bf00ad
MD5: 1a74354aa911475d3787eb9f63a57acd
Strike ID: M22-M4010
Malware: Lydra_2afe516c
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 0dc3f18cd8840916c3cc6e481ba39e9dd35e7b410816e7bc82133bb7e05d3e6e
SHA1: 42652e1d658a94953938f9c5f89dcf37f9377265
MD5: 2afe516c0fc84c348396394f2222d3df
Strike ID: M22-M4005
Malware: LokiBot_08ed7ada
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 7e059156d292c91d41f8ff92dcf6bd40e47d0aef0140c51d5bfbdfc865e80f09
SHA1: 56b8bb4be2f0921ac541baceca47842527619060
MD5: 08ed7ada50256212d5ff62819036ec92
Strike ID: M22-M4033
Malware: Banload_8c79f698
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 4b9d9c9e82e7f214a76bf0f2953ec60f40af4b028e9e431db156df40cf96ea94
SHA1: d5120d629dd8df5bb20a67543e1b1ce4eda86373
MD5: 8c79f698f784995d572bbe1259d62b4e
Strike ID: M22-M4036
Malware: Banload_9769f7da
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 2accb3de127578d3cbf8693a40cd754e8b4085f91404137929c9e4a362b450cb
SHA1: e00620db5950067092087e92b09d1e497072c888
MD5: 9769f7dae9a2ae1d6ec10cbdbbb2ee2c
Strike ID: M22-M402c
Malware: Banload_7f5fd9a3
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 2f6024bfebce0b14fc299832f636092ceae3f3c9c34232dc78d43e2a7b44c85d
SHA1: a63c99b0f835545f6a9ea1b074178811e7fda6be
MD5: 7f5fd9a3772ca1d9e2e4ad11132d89a4
Strike ID: M22-M406c
Malware: Bumblebee_f225b34f
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns, and has been known to deliver shellcode, Meterpreter, Sliver and Cobalt Strike. The binary has random contents appended in one of the existing sections in the PE file format.
External References: https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
SHA256: 2cf6bc082a9540ec0a5d133272fa08555849ed4607c79382dc792892a6501276
https://arxiv.org/abs/1801.08917
PARENTID: M22-M404c
SSDEEP: 49152:KR7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfeyLX:VqSv/J7H+M91rmyz
SHA1: 524598af0cf218faa2dbd7b4343f0aff6792ed58
MD5: f225b34ffcf75bcd79a6dfc6a55c4d94
Strike ID: M22-M403a
Malware: BlackCat_b6b9d449
Platform: Windows
Info: This strike sends a malware sample known as BlackCat. BlackCat is ransomware written in Rust. It has been tied to the BlackMatter ransomware group. The ransomware uses the AES or ChaCha20 algorithms for file encryption, and the executable is compiled specifically for the target organization.
External References: https://securelist.com/a-bad-luck-blackcat/106254/
SHA256: be8c5d07ab6e39db28c40db20a32f47a97b7ec9f26c9003f9101a154a5a98486
SHA1: 38fa2979382615bbee32d1f58295447c33ca4316
MD5: b6b9d449c9416abf96d21b356a41a28e
Strike ID: M22-M404f
Malware: Nanocore_f100541a
Platform: Windows
Info: This strike sends a malware sample known as Nanocore. Nanocore is a .NET Remote Access Trojan. It has become widely available. This trojan has many capabilities including monitoring the system audio and video, controlling the desktop, and logging the user's keystrokes.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 09292e509fcb22c28b769af2513ddcbeaa994397e878be2ea136f2f8a40b1e27
SHA1: 3fdbb7124d95af3f798c06c3b807bf79fc9000d9
MD5: f100541afa58ccf5a261829e822f9a36
Strike ID: M22-M404c
Malware: Bumblebee_e6a046d1
Platform: Windows
Info: This strike sends a malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns, and has been known to deliver shellcode, Meterpreter, Sliver and Cobalt Strike.
External References: https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
SHA256: 08cd6983f183ef65eabd073c01f137a913282504e2502ac34a1be3e599ac386b
SHA1: a7838aa4f42c95ee245f9b62d2c894a4c2067894
MD5: e6a046d1baa7cd2100bdf48102b8a144
Strike ID: M22-M406a
Malware: Lydra_d7a51c98
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has random contents appended in one of the existing sections in the PE file format.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 1c40ea53a9861e2a14d8a97af4a2dcd935c7631c07e79eec5ab8796521b4b375
https://arxiv.org/abs/1801.08917
PARENTID: M22-M4010
SSDEEP: 24576:MDJkk/Zyl24K2AIPiKnw84YdEf/5Hbi8djIWNw5R:MDJk8ZyQ4D3w84s8ZcWw5R
SHA1: c345254b087997ec89d4bb7246454e6a06e6ddfe
MD5: d7a51c9826dbb49d8231ec75fa41e0e2
Strike ID: M22-M404a
Malware: LokiBot_e2d55f15
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 3be5a9fae4019ebe9b1edfe4645472cbfd9df1a0b566d0a342da2cd09f229a30
SHA1: 969c89ae9fb488c4c849ee04abfb47bd13775f10
MD5: e2d55f15beeecc19914b40971a0f413e
Strike ID: M22-M405f
Malware: Lydra_5997ac16
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has a random section name renamed according to the PE format specification.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: f67053fefc084b48b9770a04810e77f604c06b8627621777f5443ad6b78c4293
https://arxiv.org/abs/1801.08917
PARENTID: M22-M4010
SSDEEP: 24576:ODJkk/Zyl24K2AIPiKnw84YdEf/5Hbi8djIWNw5R:ODJk8ZyQ4D3w84s8ZcWw5R
SHA1: 2d77cbc673640963c2ab2814b04ce33e6dd625c0
MD5: 5997ac16c6a669d83b99a296289c71b8
Strike ID: M22-M405d
Malware: Bumblebee_25a8caa9
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Bumblebee. Bumblebee is a downloader that contains anti-virtualization checks and the ability to download and execute other malicious payloads. Bumblebee has been associated with multiple campaigns, and has been known to deliver shellcode, Meterpreter, Sliver and Cobalt Strike. The binary has a random section name renamed according to the PE format specification.
External References: https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
SHA256: f58b1233cada673b12ca1a6aca3a75bb3ba05bde0480d64d5b14b99e934672b4
https://arxiv.org/abs/1801.08917
PARENTID: M22-M404c
SSDEEP: 49152:hR7M9r/8AmAJXPasx29pSvKtxqJ7w+dIM9qPGrfepLX:yqSv/J7H+M91rmpz
SHA1: 4f2457caf16f699a5da2506890adb99d6767eeb5
MD5: 25a8caa929eb681e1f75b495e8ddbdde
Strike ID: M22-M4041
Malware: LokiBot_c5c06432
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 9918641f49c29eb6488268510c824c1a2ebbecea8121c94fa83dcebadf83796c
SHA1: 45acc9ff1a32b1e9ad979514cf2f5ac41cfd3f98
MD5: c5c06432bc7c0780e0de5028dd4098c4
Strike ID: M22-M4064
Malware: LokiBot_89e9dbf2
Platform: Windows
Info: This strike sends a polymorphic malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails. The binary has random strings (lorem ipsum) appended at the end of the file.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: c7e8b908ba77fd1d8dbc48b9177d6658a957b7948329aac022e60d39062105b0
https://attack.mitre.org/techniques/T1009/
PARENTID: M22-M4056
SSDEEP: 6144:viGuElqq+5tom1lGRvxDe8yITrLUbgPmNy:viUEq+cm1GpxTrSXy
SHA1: f3f17311f7eca9b1be14100efc634cf6f50517ce
MD5: 89e9dbf2546d9f1949c3ae8b7e16ce12
Strike ID: M22-M400f
Malware: LokiBot_2ae52ed0
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: b9291afeb5418b38950175e191ba50b942bf18824ec4b853d9b6a1ce0f6d6f51
SHA1: b1f5f8c246ee482b58f8ecaa181465427a023753
MD5: 2ae52ed06d8466acf2ba526c9808c44c
Strike ID: M22-M4022
Malware: Lydra_6a56292d
Platform: Windows
Info: This strike sends a malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and sets up various persistence mechanisms to ensure execution at startup.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 552324621c91b8b07255d6bf8ff8a5b3aa4deb196a9e226e53cf0f6f7cd75bce
SHA1: a39064aa6aa5c90e4f0eae7ce7811885789ff0eb
MD5: 6a56292dca5d844048c166288dfb8d12
Strike ID: M22-M4017
Malware: Banload_3c8d18b6
Platform: Windows
Info: This strike sends a malware sample known as Banload. Banload is a banking trojan that has recently been infecting Latin American systems. This malware uses custom kernel drivers to evade detection.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 4768068b2d5b009ed00ab89f3e828fb3baa396118c18e5c3f53831c15542bded
SHA1: bc56cd12a7f69c19e1c297304783257b36331656
MD5: 3c8d18b6e55095a225e09bbe7a171fc4
Strike ID: M22-M4021
Malware: LokiBot_6882fe2e
Platform: Windows
Info: This strike sends a malware sample known as LokiBot. LokiBot is an information-stealing malware designed to siphon off sensitive information stored on an infected device. It is modular in nature, supporting the ability to steal sensitive information from a number of popular applications. It is commonly pushed via malicious documents delivered via spam emails.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0401-0408.html
SHA256: 6daf2f4b11e77d52247a97aa5a8640a9b7957301a152ad48d493581a0148a752
SHA1: 75bffbd17c24bd34b1fec8408fab3acbc4cba051
MD5: 6882fe2e90093a2bfd5d96371330e809
Strike ID: M22-M4063
Malware: Lydra_840710a5
Platform: Windows
Info: This strike sends a polymorphic malware sample known as Lydra. Lydra is malware that steals sensitive information like passwords and sets up various persistence mechanisms to ensure execution at startup. The binary has random contents appended in one of the existing sections in the PE file format.
External References: https://blog.talosintelligence.com/2022/04/threat-roundup-0408-0415.html
SHA256: 6450c6748ee1d2cbd963d8350198300150a3a44b561fdbc835c466d207e5baf6
https://arxiv.org/abs/1801.08917
PARENTID: M22-M400d
SSDEEP: 12288:C5kXzk3f1nZaJl2qIYGnhT2AsnPiKySRsxy8iZV1nUIW2eZ/8djVOWDvqb2bxq9S:6YwpZyl24K2AIPiK0K/5Hbi8djIWw2bh
SHA1: e4fe2778e28d36526ec331ac510cf293278ec134
MD5: 840710a56264b708f3eb3bbbc5c1321d