527877ebd1479cc73a19a76d71f071e4d44de96e103d141f4de8cec9d4f6b583

General

Target: 527877ebd1479cc73a19a76d71f071e4d44de96e103d141f4de8cec9d4f6b583
Size: 775KB
Sample: 220521-w8nffsbbf6
Score: 10/10
MD5: 327a4b952967e5d91a1ddad2b723eb23
SHA1: ae3f9884ff5a16edaa7bca4954a7bbe130d753f7
SHA256: 527877ebd1479cc73a19a76d71f071e4d44de96e103d141f4de8cec9d4f6b583
SHA512: 747009a189abf4a26c6e7109a61b1acaa3c500104c146b1d13f11f5b4069d9f33b83ee8136aa13bc17adcaafde39518b41363af797d0018d3c7fc0ab461bf918

Malware Config

Extracted

Family: lokibot
C2:
  • http://eocaenlogistics.com/data/five/fre.php
  • http://kbfvzoboss.bid/alien/fre.php
  • http://alphastand.trade/alien/fre.php
  • http://alphastand.win/alien/fre.php
  • http://alphastand.top/alien/fre.php

Targets

Target: proforma-invoice-pdf.exe
MD5: 4060af4b4ea1761bee2a02d567bd7e19
Filesize: 1MB
Score: 10/10
SHA1: a0f6eeea3082f843ba51d1e7a5d7d882f922e8eb
SHA256: 6fc8242544db1561bbd55bcc4e83a5f1a821f9af1781123b634384ab1ff531e0
SHA512: a909ddc39a5179a0c2ab434c8410abdedad453180c9dbff66bdb3add699b72f11a8eb60a2f8ca4151b497100184289e619b78ce4a41acd69fcc096445a7db916
Signatures

  • Lokibot
    Description: Lokibot is a Password and CryptoCoin Wallet Stealer.
  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  • suricata: ET MALWARE LokiBot Checkin
  • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Tactics: Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation