Overview

overview

10

Static

static

file-copy0...df.exe

windows7_x64

10

file-copy0...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ab563ddd39c4c1072d36411fdfaa918241d9a858f92917c36bdee42a5b97fc94

  • Size

    369KB

  • Sample

    220521-myhyjsfgfr

  • MD5

    095f09516cdbb0458d4d108ea69ba035

  • SHA1

    64020f08302e02e3eeef60977da7b4d8e3261f7e

  • SHA256

    ab563ddd39c4c1072d36411fdfaa918241d9a858f92917c36bdee42a5b97fc94

  • SHA512

    3c37626711188c21915c0250c93d19578ad2dece698b8ab23cc2def95cf40f3029cef34e99860f7f074f83c871d8939696c22bbc2c3479fbfc9136a2ce0867ac

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      file-copy0101229_pdf.exe

    • Size

      639KB

    • MD5

      2e62393b05a4b94abebbe88c92847b0e

    • SHA1

      98cdcc2e4e31a7a9be98e8451bbbd0ce3df96163

    • SHA256

      3b32cb9ad3d5b8b07ad3188b3a2551498c0752079e4d95e3d790ec39beab5b5d

    • SHA512

      bbadf3740bb0b4fa40b7deaa8a3179714c62d24c5ea5ad3d4bdd98ca51a86f6653e81d978b2968429c4e6ec15a2ea83d35c9c7071ba39691502e71ab525c7af2

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks