Overview

overview

10

Static

static

8883_774_pdf.exe

windows7_x64

10

8883_774_pdf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7330fa1eb0cb192e7a082ee074ca0445b74956bb982099682110e6ce8da85fe8

  • Size

    350KB

  • Sample

    220521-myx3gacfh4

  • MD5

    4f2f320d1697d06700d33041f67376f1

  • SHA1

    4f8f1d846e17e0f68fddc86ae4cf5b242239d5ef

  • SHA256

    7330fa1eb0cb192e7a082ee074ca0445b74956bb982099682110e6ce8da85fe8

  • SHA512

    098906e2a23c100a686594b9d6e443ab2160758b08bf0a698b091ce5a8a210908d58417107c38c2f3e36b77e1e15de8d34a6b38a859bbb102159d2636d1c6f55

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      8883_774_pdf.exe

    • Size

      629KB

    • MD5

      4f0f049d514c094a0a56f1ff91c57e4b

    • SHA1

      29cf536d9148f1ced0eeb788493a3a277a41e526

    • SHA256

      a83d00913bb5e3f6e95d31626388d67c0db45fbd098d68e63e88c0167f248620

    • SHA512

      cfb524caace4e24f55c02013b01c9e7167180dd6e9a225bc576b53c6f39fdf8f4fa619b5fbd6fe88c81f7cfa8f3d2e42de8dba87a86450e6781a91afa5747f97

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks