7d797a92da7d926481b30b6a7f215c6a2efec9c209a0096e42f6ec66d2ba566c

General

Target: 7d797a92da7d926481b30b6a7f215c6a2efec9c209a0096e42f6ec66d2ba566c
Size: 1MB
Sample: 220521-w86l2abca2
Score: 10/10
MD5: 8d7bd7325dfc6e87367e4426e5782e03
SHA1: bb4fe8b57cb154ef34747d9755306c828c0bc943
SHA256: 7d797a92da7d926481b30b6a7f215c6a2efec9c209a0096e42f6ec66d2ba566c
SHA512: d6306d89774ffc53e6950995034721afa04e95671295eb8cb9fe6ab9499e7f4ad229114119847f5f72101397ffb907a72d58192126ef2c66a6c26edf283933d8

Malware Config

Extracted

Family: lokibot
C2:
  • http://oneflextiank.com/cola/five/fre.php
  • http://kbfvzoboss.bid/alien/fre.php
  • http://alphastand.trade/alien/fre.php
  • http://alphastand.win/alien/fre.php
  • http://alphastand.top/alien/fre.php

Targets

Target: Payment Notification_pdf.exe
MD5: 9ffd557ac6d2f24ef7896ad19bf54b8b
Filesize: 1MB
Score: 10/10
SHA1: eddd424270208cc05af78285397657d3c54b32b2
SHA256: 50b314825821a231dd4a13782bd1c927a590e30d186fe1ed28fd26940a9ee5e0
SHA512: 1a3355b6a9bb1eec538bab719d743ebf205d67b6eff93a292e80e699c6acaa176f995d19e46cc84fd9e65640942d0d1099e1b98f1e04312b7e2d53d99239686e


Signatures

  • Lokibot
    Description: Lokibot is a Password and CryptoCoin Wallet Stealer.
  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  • suricata: ET MALWARE LokiBot Checkin
  • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection
  • Suspicious use of SetThreadContext


MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation