9bb06a021a4881d899889e8144323fd17763fb49abd9ced9faaafbdc35ab5f40

General

Target:  9bb06a021a4881d899889e8144323fd17763fb49abd9ced9faaafbdc35ab5f40
Size:    685KB
Sample:  220521-w7v4xabbb6
Score:   10/10
MD5:     0a381c851b0f13d18bcd5efe6352eec3
SHA1:    f28747eb99fc948af08657d288c09fca6630994a
SHA256:  9bb06a021a4881d899889e8144323fd17763fb49abd9ced9faaafbdc35ab5f40
SHA512:  a7f8c886f188d975a9fe412ccc972fec115267c7292e40a6c2b9b78430f3770eae109734e26de2f275c591b7fd270489d8aa055977ca58dc10fbaf228ad356a1

Malware Config

Extracted
Family:  lokibot
C2:
  http://superson.ga/Bobby/fre.php
  http://kbfvzoboss.bid/alien/fre.php
  http://alphastand.trade/alien/fre.php
  http://alphastand.win/alien/fre.php
  http://alphastand.top/alien/fre.php

Targets

Target:    Remittance ADVICE.exe
MD5:       d7e5cae47982fe6cee9a60426d9b6e1a
Filesize:  1MB
Score:     10/10
SHA1:      cee33cfb8ad0380d6aaa1272e3a1e5474f2d5b59
SHA256:    3d611ca54f64546327d9bc6993662d5058a7f07fa8e16b81fc7ee6ff60d952f2
SHA512:    80fa653ba171ff732919d68e1a3b418deb40a49756fd95b8efa4b60a3619ee093db55da87434b50361acca8c0dbd848f0657b9a0536288a377d01b577e64de07
Tags:      (none listed)

Signatures

  • Lokibot
    Description: Lokibot is a Password and CryptoCoin Wallet Stealer.

  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files

  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix (tactic columns): Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1    5/10