Overview

overview

10

Static

static

tt-09674-pdf.exe

windows7_x64

10

tt-09674-pdf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2cdfa9d7c27c9dd204971487432e4dede853416ed35eadaaf1f26497664a2090

  • Size

    393KB

  • Sample

    220521-mzdefscgb2

  • MD5

    144112a6e75774d8f9b46376d182dfee

  • SHA1

    a5a5eb0f17b6c0f60988c3ea738ebc5b82edf80f

  • SHA256

    2cdfa9d7c27c9dd204971487432e4dede853416ed35eadaaf1f26497664a2090

  • SHA512

    c4dd158c6e959d8945bf6ab47e0e75a926f68f9a8398678119a01cdc6288a61b4c1492670219e29ad6eb671e9b3b89571eebac367b4ab9df16dd2821549bee45

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      tt-09674-pdf.exe

    • Size

      741KB

    • MD5

      c1a8d951b5d64b9bd95b955fc89ba1c5

    • SHA1

      7ba8fd944be67a5083d31cff49f242b5cedd4304

    • SHA256

      938015f958e315599318398a69789188b8ceb9d4d73a6ec5b59d71c16899f944

    • SHA512

      83730495948ad81ddd5c2292d96999590dd075d281262e6afe86caff6d71894f5f7461b3e00c96f6e7fa7c2696ec59bb5bd282e3dcff5a1ecd98f701652a1ecb

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks