a89e368ecf059536c57d4585fced393df12f198f037f6340207c3ef2fb57465f

General
Target

a89e368ecf059536c57d4585fced393df12f198f037f6340207c3ef2fb57465f

Size

1MB

Sample

220521-w76weabbc9

Score
10/10
MD5

a0de3a2de4dde7a111596f782fad1cd7

SHA1

3c9086a3726928fe213b43c88f8beed4ef561951

SHA256

a89e368ecf059536c57d4585fced393df12f198f037f6340207c3ef2fb57465f

SHA512

9f4e08bd22fb001541d10c64066570dc508699f03ff724eee1bcb9f996f5c284ea2d5cd48988497b34b74a403127f51a24bc561ae88b8e6bb83b2b975333b268

Malware Config

Extracted

Family lokibot
C2

http://maylnk.ml/DBY/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets
Target

IMG_005938582857265224_PDF.exe

MD5

d7c1ca09e276d5537b917d2720124da4

Filesize

1MB

Score
10/10
SHA1

f8d7f6ef12b411869ce765eead978cf74e411038

SHA256

d1dd81a8c2880316c78b739876ef8faa6c15b504dcf83859a291dddc774e5097

SHA512

15ba0360308eb2cb7204b45129f38e00d4dd36ab3d258ffdb7a465db3cc9fb788847983ffe38ee3d721bd5012224519138519533d2a45b35cd97e6f08ea57c32

Signatures

  • Lokibot

    Description

    Lokibot is a Password and CryptoCoin Wallet Stealer.

  • Drops startup file

  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation

Tasks

static1

5/10