527877ebd1479cc73a19a76d71f071e4d44de96e103d141f4de8cec9d4f6b583

Target

Size

775KB

Sample

220521-w8nffsbbf6

Score

10 ^/10

MD5

327a4b952967e5d91a1ddad2b723eb23

SHA1

ae3f9884ff5a16edaa7bca4954a7bbe130d753f7

SHA256

527877ebd1479cc73a19a76d71f071e4d44de96e103d141f4de8cec9d4f6b583

SHA512

747009a189abf4a26c6e7109a61b1acaa3c500104c146b1d13f11f5b4069d9f33b83ee8136aa13bc17adcaafde39518b41363af797d0018d3c7fc0ab461bf918

Extracted

Family	lokibot
C2	http://eocaenlogistics.com/data/five/fre.php http://kbfvzoboss.bid/alien/fre.php http://alphastand.trade/alien/fre.php http://alphastand.win/alien/fre.php http://alphastand.top/alien/fre.php http://eocaenlogistics.com/data/five/fre.php http://kbfvzoboss.bid/alien/fre.php http://alphastand.trade/alien/fre.php http://alphastand.win/alien/fre.php http://alphastand.top/alien/fre.php

Target

proforma-invoice-pdf.exe

MD5

4060af4b4ea1761bee2a02d567bd7e19

Filesize

1MB

Score

10^/10

SHA1

a0f6eeea3082f843ba51d1e7a5d7d882f922e8eb

SHA256

6fc8242544db1561bbd55bcc4e83a5f1a821f9af1781123b634384ab1ff531e0

SHA512

a909ddc39a5179a0c2ab434c8410abdedad453180c9dbff66bdb3add699b72f11a8eb60a2f8ca4151b497100184289e619b78ce4a41acd69fcc096445a7db916

Signatures

Lokibot
Description

Lokibot is a Password and CryptoCoin Wallet Stealer.
Tags

trojan spyware stealer lokibot
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
Description

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
Tags

suricata
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Description

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Tags

suricata
suricata: ET MALWARE LokiBot Checkin
Description

suricata: ET MALWARE LokiBot Checkin
Tags

suricata
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Description

suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Tags

suricata
Accesses Microsoft Outlook profiles
Tags

collection

TTPs

Email Collection
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Email Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

5^/10

behavioral1

lokibot collection spyware stealer suricata trojan

10^/10

behavioral2

lokibot collection spyware stealer suricata trojan

10^/10

Extracted

Tags

Signatures

Lokibot

Description

Tags

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Description

Tags

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

Description

Tags

suricata: ET MALWARE LokiBot Checkin

Description

Tags

suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

Description

Tags

Accesses Microsoft Outlook profiles

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2