Overview

overview

10

Static

static

scan copy-...df.exe

windows7_x64

10

scan copy-...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e459dfd96bf8da8ec1f3c742fe44ab1d2fcb7f64d9ef1bd8ceb8f3884257a2f7

  • Size

    327KB

  • Sample

    220521-mx2z2afgem

  • MD5

    9ac3512bd3d30250b5e76bf8cb80b484

  • SHA1

    ca9e13e4e50253e069d0fee8f2fdadabac78ad5b

  • SHA256

    e459dfd96bf8da8ec1f3c742fe44ab1d2fcb7f64d9ef1bd8ceb8f3884257a2f7

  • SHA512

    32392b4d7d91ef504a42b5409ef0ed98d38348bd99a6cf0250f9b825d80d94cdcca0c1e8071cc52f2fa656a4effed5d29867a4e36d018bf44495d3890df05cb9

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      scan copy-410011_pdf.exe

    • Size

      557KB

    • MD5

      f2d06697438516a6562c2718c842fab7

    • SHA1

      43f5abd8b821dde5dbc6ea9c734aa07ae48ba4c2

    • SHA256

      9739bfe868c9adb753a281569b30ed4a1b1c5b58f2cfa5a2d1e1d48a95601331

    • SHA512

      b170af171382601b3f48e93a5ca8b7de2b3f95ea304215029396a9198de83d11236397ecbd20dc00ddaea18821ac2b40edda3c6fb51b5d1517438a776673849a

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks