Overview

overview

10

Static

static

5

Payment No...df.exe

windows7_x64

10

Payment No...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7d797a92da7d926481b30b6a7f215c6a2efec9c209a0096e42f6ec66d2ba566c

  • Size

    1.0MB

  • Sample

    220521-w86l2abca2

  • MD5

    8d7bd7325dfc6e87367e4426e5782e03

  • SHA1

    bb4fe8b57cb154ef34747d9755306c828c0bc943

  • SHA256

    7d797a92da7d926481b30b6a7f215c6a2efec9c209a0096e42f6ec66d2ba566c

  • SHA512

    d6306d89774ffc53e6950995034721afa04e95671295eb8cb9fe6ab9499e7f4ad229114119847f5f72101397ffb907a72d58192126ef2c66a6c26edf283933d8

Score
10/10
lokibotcollectionspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://oneflextiank.com/cola/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Payment Notification_pdf.exe

    • Size

      1.5MB

    • MD5

      9ffd557ac6d2f24ef7896ad19bf54b8b

    • SHA1

      eddd424270208cc05af78285397657d3c54b32b2

    • SHA256

      50b314825821a231dd4a13782bd1c927a590e30d186fe1ed28fd26940a9ee5e0

    • SHA512

      1a3355b6a9bb1eec538bab719d743ebf205d67b6eff93a292e80e699c6acaa176f995d19e46cc84fd9e65640942d0d1099e1b98f1e04312b7e2d53d99239686e

    Score
    10/10
    lokibotcollectionspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks