495e88db7f79e4930611aa0647ee42b806a7112b211546639e16dec2ebbac21b

General

Target: 495e88db7f79e4930611aa0647ee42b806a7112b211546639e16dec2ebbac21b
Size: 616KB
Sample: 220521-w8k1bsedgk
Score: 10/10
MD5: 07578f047c179095dd7c564c3872cdd6
SHA1: b75e2e2c818eb82ae643296287442ebb2c6e4298
SHA256: 495e88db7f79e4930611aa0647ee42b806a7112b211546639e16dec2ebbac21b
SHA512: df74b67bcef2df4c53ceba59186bdcb3a2d7f1d420c4c643fb723716de5b82b22b28a0e2d6a2380f679f197f0d9beefe54deae4bd1ab795c2329874999daf4b3

Malware Config

Extracted

Family: lokibot
C2:
  • http://attlogistics-vn.com/first/chief2/fre.php
  • http://kbfvzoboss.bid/alien/fre.php
  • http://alphastand.trade/alien/fre.php
  • http://alphastand.win/alien/fre.php
  • http://alphastand.top/alien/fre.php

Targets

Target: COVID-19 TRANSFER RECEIPT FORM_pdf.exe
MD5: 1678a6372c11592d92876749482fd18e
Filesize: 1MB
Score: 10/10
SHA1: e7001067022152bc76445369c9c14f59e0097fdc
SHA256: 2a3c60d816836bf1cecb31f34d4eaf5b93976c123364538d5b8e22e9272e1269
SHA512: fa2bc8977f0c929fd6baafaf863b809a38eb6704f05199ec6073cda40116ffc169c6ea33079cbd367f21084ad6a581dabd989e5f4163fa2f4648406c35fc778b

Tags

Signatures

  • Lokibot
    Description: Lokibot is a Password and CryptoCoin Wallet Stealer.
  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks
  • static1: 5/10