Overview

overview

10

Static

static

file-211051_pdf.exe

windows7_x64

10

file-211051_pdf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03b901772d45d5d381428926c1e01f7346f03359f42cafb280ea9df350816aed

  • Size

    464KB

  • Sample

    220521-m6a8nsgcaj

  • MD5

    35c04e26004def5cfb0912d1054065c4

  • SHA1

    d3ecee094ffce6defc4f499e985703472e749a14

  • SHA256

    03b901772d45d5d381428926c1e01f7346f03359f42cafb280ea9df350816aed

  • SHA512

    762923cfaee234c5bccc39ade568a844cb2673b87ff9c21e2900386aea27fbab7be5d6c57241659664e0e135896508b27d68dc36dd6a803ee62a2e6d3ed9e07f

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      file-211051_pdf.exe

    • Size

      843KB

    • MD5

      36be15b5439cb5ff2c0914afc3647c9b

    • SHA1

      d7f9cc9189d70b8372eefe1eae90774b7264fa4c

    • SHA256

      58237cfff038ac931d0c53e7206b5b879eaae60c37bd5df02bafca3984f73fa5

    • SHA512

      900f0b7ab91e0c150328299554cf06c03dd613110da72f5273b33a9add014323f66693c77efb8d6c1e711755203a4154d5074d4d1a359af93380ab5f9fb553bf

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks