Overview

overview

10

Static

static

1

Telegraphi...df.exe

windows7_x64

10

Telegraphi...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    350776d4faa5b4c3ec4ea49d4e90099df436080b1dd76303e4d3cc9abd74c14d

  • Size

    236KB

  • Sample

    220521-mhzw5afaak

  • MD5

    2eaeb5ff8cd910252d174b19774a1b75

  • SHA1

    02e04f90e4d6ec906d5cf41cd6dcacef9d6886e7

  • SHA256

    350776d4faa5b4c3ec4ea49d4e90099df436080b1dd76303e4d3cc9abd74c14d

  • SHA512

    06457e2996f21ec5d97aa45baaa6246fd6582881eace1a15f9a832f3b22d012328cf19203a8313c28e1d198bf246363e414ffe0dd29da0f1aa4f932a41784d8c

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://modevin.ga/~zadmin/lmark/gld/mode.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Telegraphic TT_pdf.exe

    • Size

      263KB

    • MD5

      7303050178e778b49c4739d292be1134

    • SHA1

      a03cef1f269e46030fb853e55b3ad08adce1e906

    • SHA256

      17202bb0d0bdcfba25f18ec1692c3fd2a858cc8cb70cb9faeb703a31e54152de

    • SHA512

      b5dc7714b930860bb65981e3ad8e4c4d4d169d293ce6c8364e6177d70359f3034122f76256b357f2ed22584205bfdb91c1e869fe0bc526a450a18208761f1a6e

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks