Overview

overview

10

Static

static

MV Crystal...f..exe

windows7_x64

10

MV Crystal...f..exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c8534a064fee1283d2319c186c503240169ec4001c540dd3d90d86c69d57c014

  • Size

    345KB

  • Sample

    220521-npt5wshbbp

  • MD5

    2d1c70611e9381a920612208f248dc94

  • SHA1

    b9b7e3d645949f046f63c62a55892cb5a02ed88d

  • SHA256

    c8534a064fee1283d2319c186c503240169ec4001c540dd3d90d86c69d57c014

  • SHA512

    942ba4a0ebac7882663a098ed0e3ce97d79d121acb287822617adab13c02bccb266df8e8c7e0e7081d4ad965155ae7717d7a707968bbd677744feddf445fec63

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      MV Crystal BAY_pdf..exe

    • Size

      588KB

    • MD5

      0d9e0a5ee2370181e6df2d49bf3245b0

    • SHA1

      1c5a84f18225c10123f2f96879976eacda666c65

    • SHA256

      58af5a72f21e64e635661aaa2d09a72f6eb3e12117eef93ee5d4cb0840a5a31d

    • SHA512

      9276f6794455ec0c3143af07d9bb299261c875ce3f342ade786ded83bd4f2835972089429870835398b46a0aa5ca6b3cf244df47e52f3397e8a2e1f649db8f3a

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks