Overview

overview

10

Static

static

INVOICE_HQ...df.exe

windows7_x64

10

INVOICE_HQ...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8762cc7bdda5b64ed2e9b5e1dc4c5e3be2da9207ffa595e7f1cd0434650ed5a7

  • Size

    350KB

  • Sample

    220521-myvx4sfghk

  • MD5

    3b0914a33ca6d5c5081fa13e62a70a47

  • SHA1

    ab42f851e331e8bdc1deaebde17a7776262bf559

  • SHA256

    8762cc7bdda5b64ed2e9b5e1dc4c5e3be2da9207ffa595e7f1cd0434650ed5a7

  • SHA512

    858f48a97731ca3ffadd54fbc65db85fc15b92ee5f060e0b60efbae605798d4c2dd78197d90e87aad77801b0192176cf09377531737d5dc82d1121f28979e91d

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      INVOICE_HQ2201800000532_HQ2201800000613_PAST_DUE_pdf.exe

    • Size

      629KB

    • MD5

      46443b771ef4c352c2d0e7c4af973eca

    • SHA1

      90c03c5665f6721f22adf9e9b5f19555bcbe58e1

    • SHA256

      400dfcda6e4685431b499a17f7ec57949472b72e06f7f5e7cafad066e20315dc

    • SHA512

      cad9180e21a986b173e30da2045c4c6831d6a943289df016da713821e77aa981f7bfeabc6b5c52cf0bf1e177ed9c0c10d484e9f2535768d7660b31577cb154bc

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks