Overview

overview

10

Static

static

HP16523043...f..exe

windows7_x64

10

HP16523043...f..exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    535246a2d4f30961ec85a8a29995d67bc611d1b1de2027930b3b9ce57fa3adfb

  • Size

    335KB

  • Sample

    220521-m475madae4

  • MD5

    47a8ff466ed03f8719dc066f5c90c65b

  • SHA1

    f7f2d3d38b86009bcaa63899e5429ad5db1d18f0

  • SHA256

    535246a2d4f30961ec85a8a29995d67bc611d1b1de2027930b3b9ce57fa3adfb

  • SHA512

    b85f8b151ecd16cb1bf5a24def3e18a4ac3a421ece7c3691c9389090476d61012a370cc69513ae244c859d1f5a4c7539f79a27727be7291048de4aee89ba5727

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      HP1652304340032004_pdf..exe

    • Size

      564KB

    • MD5

      30962a321c30c6cf8283272b1f0ce1e4

    • SHA1

      ece6c238befbe02f6f150998a85d9f92ce2a1393

    • SHA256

      8740c69b19d17495a8622b3fc7c7c9bd1c39464483fbfe01cc1c459ef3773910

    • SHA512

      37f86b60db3c60d3a7189938b7de2b064404e32f59fa488e7832b77f588cfc4646ecfaf77053759717404a06e823c06a2865b6d51fc43d03991f16f53647071c

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks