cf85acb9f6732b72874395e9362600e2fe129e6988faea6ddd7a8f957161fbf4

General
Target

cf85acb9f6732b72874395e9362600e2fe129e6988faea6ddd7a8f957161fbf4

Size

813KB

Sample

220521-w84gnseeaj

Score
10/10
MD5

ca80218725bf221e37f70f9c6c5f6ca4

SHA1

82c443061867dfe96df7afda6b15f7a62a61d225

SHA256

cf85acb9f6732b72874395e9362600e2fe129e6988faea6ddd7a8f957161fbf4

SHA512

5fa781fd57c9b273979bcabd39db844293578f0a412397ade5e17c50fdc9a1c7a0481cc4344aa817ad1bf7b180640ae1319dd008937831c5f2ea50248eff5433

Malware Config

Extracted

Family lokibot
C2

http://lapphoungshoes.com/dope/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets
Target

payment copy_pdf.exe

MD5

5dfa96941d8503287771d954e25c343f

Filesize

1MB

Score
10/10
SHA1

dbef0eedd0e660152f1e4bfe2ecda82393401b7c

SHA256

4bc494204a6950d07cdbc7181b7b9588d037d7118e31fb41f0156c2b44423e34

SHA512

9cb5fdea7856cebb2ed0d89aef330fe19a9e5f3f5810e7fb40b92c2bcb7f4a492e41f5b13bc9748fdf1b25d55d7dc8641c6ae18421ef44684adddd03f1f86011

Tags

Signatures

  • Lokibot

    Description

    Lokibot is a password and cryptocurrency wallet stealer.

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

  • suricata: ET MALWARE LokiBot Checkin

  • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection

  • Suspicious use of SetThreadContext

    Description

    Calling SetThreadContext on another process's thread is the classic process-hollowing step: the payload is written into a suspended child process and its entry point is redirected to the injected code.
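The five C2 URLs in the Malware Config section and the four Suricata hits above describe the same channel: POSTs to a `fre.php` gate carrying LokiBot's fixed User-Agent. The script below is an added example, not part of this sandbox report or of the sandbox's own tooling. It normalises the extracted C2 list into host/path indicators and runs constructed HTTP request records (not traffic captured from this sample) through a matcher that mirrors what the "LokiBot Checkin" and "User-Agent (Charon/Inferno)" signatures key on. The User-Agent string `Mozilla/4.08 (Charon; Inferno)` is taken from public LokiBot reporting and is an assumption here, since the report names the rule but not the string; the request dict shape and the `scan`/`classify_request` function names are likewise this example's own.

```python
"""IOC matcher for the LokiBot configuration extracted in this report.

Added example, not part of the sandbox report: it normalises the five C2
URLs from the 'Malware Config' section into host/path indicators, then runs
constructed HTTP request records through a matcher that mirrors what the
Suricata 'LokiBot Checkin' and 'User-Agent (Charon/Inferno)' signatures
key on.
"""
from urllib.parse import urlsplit

# C2 URLs copied verbatim from the report's 'Malware Config' section.
C2_URLS = [
    "http://lapphoungshoes.com/dope/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# LokiBot's hard-coded User-Agent string as documented in public reporting.
# Assumption for this example: the report names the rule, not the string.
LOKIBOT_UA = "Mozilla/4.08 (Charon; Inferno)"


def parse_c2(urls):
    """Normalise extracted C2 URLs into a set of (host, path) pairs."""
    iocs = set()
    for url in urls:
        parts = urlsplit(url)
        iocs.add((parts.hostname.lower(), parts.path))
    return iocs


def classify_request(req, iocs, ua=LOKIBOT_UA):
    """Return the list of indicator names that one HTTP request matches.

    req is a dict with keys method, host, path, user_agent. An empty
    list means the request matched nothing.
    """
    reasons = []
    host = req.get("host", "").lower()
    path = req.get("path", "")
    if (host, path) in iocs:
        reasons.append("c2-url")          # exact gate URL from the config
    elif any(host == h for h, _ in iocs):
        reasons.append("c2-host")         # same host, different path
    if req.get("user_agent", "") == ua:
        reasons.append("lokibot-ua")      # what the ET User-Agent rule fires on
    # The check-in and exfiltration rules fire on POSTs to the fre.php gate;
    # this mirrors that shape without reproducing the ET rule bodies.
    if req.get("method") == "POST" and path.endswith("/fre.php"):
        reasons.append("fre.php-gate")
    return reasons


def scan(requests, iocs=None):
    """Map the index of each matching request to its indicator list."""
    if iocs is None:
        iocs = parse_c2(C2_URLS)
    hits = {}
    for i, req in enumerate(requests):
        reasons = classify_request(req, iocs)
        if reasons:
            hits[i] = reasons
    return hits


# Constructed sample traffic (not captured from the sample): one check-in,
# one benign request, one contact with a C2 host on an unlisted path.
SAMPLE_REQUESTS = [
    {"method": "POST", "host": "kbfvzoboss.bid", "path": "/alien/fre.php",
     "user_agent": "Mozilla/4.08 (Charon; Inferno)"},
    {"method": "GET", "host": "www.example.com", "path": "/index.html",
     "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},
    {"method": "POST", "host": "ALPHASTAND.TOP", "path": "/other.php",
     "user_agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"},
]

if __name__ == "__main__":
    for idx, why in scan(SAMPLE_REQUESTS).items():
        print(idx, SAMPLE_REQUESTS[idx]["host"], why)
```

The matcher deliberately separates an exact gate URL hit from a host-only hit: LokiBot operators rotate the directory in front of `fre.php` more often than the domain, so a host-level indicator outlives the full URL. Hostnames are compared case-insensitively, while the path is compared as-is because the gate path is literal in the binary's config. Feeding the same records into real Suricata with the ET rules would be the authoritative check; this script only shows which fields each signature depends on.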

MITRE ATT&CK Matrix (tactic columns only; technique cells were not captured in this extract): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation