17dd626669b3f7482f75c1beb9dbd13c398180240cdbf91c37a32ef5ba8a40f4

General
Target

17dd626669b3f7482f75c1beb9dbd13c398180240cdbf91c37a32ef5ba8a40f4

Size

390KB

Sample

220521-w7kceaedbl

Score
10 /10
MD5

64aeedb1e40a3e040ac7cbacc7584f37

SHA1

f34d6da1163c0f5079487dac7adab56a35d0f563

SHA256

17dd626669b3f7482f75c1beb9dbd13c398180240cdbf91c37a32ef5ba8a40f4

SHA512

55c2c57c1b9f2c768271feb9e7e126029dfee7628a6c48eb8c2e2bcd504c819e0256dc967707784258247f80b798d9c951da9cd555b27de7f94f1b238dfa8b3e

Malware Config
Targets
Target

debb.exe

MD5

73b1fecfd38a17ad5e7ea69223327976

Filesize

408KB

Score
10/10
SHA1

baf594e729bcedc6685daac477986bb8aeebbbfc

SHA256

5b2989ef162f3637ce93f1aa6b8a0efaf712078d1217aed9150b8c7dc55f0275

SHA512

7c72932249105743c92d5a663156c42aca72a13f42a7ae9d4dc08e55500af484c892e21756b8064325119b3a94406734954b7ef3731b5b7d6c78135b36f7df9d

Tags

Signatures

  • Lokibot

    Description

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    Tags

  • UPX packed file

    Description

    Detects executables packed with UPX/modified UPX open source packer.

    Tags

  • Drops startup file

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials etc.

    Tags

    TTPs

    Data from Local SystemCredentials in Files

  • Accesses Microsoft Outlook profiles

    Tags

    TTPs

    Email Collection

  • Suspicious use of SetThreadContext

Related Tasks

behavioral1behavioral2
MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
    Defense Evasion
      Discovery
        Execution
          Exfiltration
            Impact
              Initial Access
                Lateral Movement
                  Persistence
                    Privilege Escalation
                      Tasks