Overview

overview

10

Static

static

5

payment-doc-pdf.exe

windows7_x64

10

payment-doc-pdf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    736727fcebc11c8251e11465c2547ab7fddf8a8af79bf4c3239155936efd9e2f

  • Size

    693KB

  • Sample

    220521-m8dftadcb8

  • MD5

    7ece1defd489c7d944c7d5cf5a80fbe5

  • SHA1

    374a0369655e65ab814d58c059b2aaf0f060359d

  • SHA256

    736727fcebc11c8251e11465c2547ab7fddf8a8af79bf4c3239155936efd9e2f

  • SHA512

    0a76757f3906b59e33c6119179b6655a750443d2f270bb25a07df53271bcf36d7abda67d94331f5a81ee22e84d027a89d1a9ecbda212cb81ed62ae5dbff0f07a

Score
10/10
lokibotcollectionspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://oneflextiank.com/coco/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      payment-doc-pdf.exe

    • Size

      1.1MB

    • MD5

      c11a978107b9c9eb837c007c0b755193

    • SHA1

      6106eac313784563e07209c9584bc8839bfa0d37

    • SHA256

      fba38412cc65baf89d6e5145f226c26e20128f5404cdbbe82f094007796e7c65

    • SHA512

      5978163eceb1f51e5204b093921858e04a5d12b82bd60100c5ddfe328f5286a8fe8082a1e7c8619064b1e5a35b7af070ceab68c212f89508e380d128a56a6d27

    Score
    10/10
    lokibotcollectionspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks