3b56a043cfbecbbe7e9e44e087611ab188feb373f34983c34ab9081b8dba05ed

General
Target

3b56a043cfbecbbe7e9e44e087611ab188feb373f34983c34ab9081b8dba05ed

Size

813KB

Sample

220521-w8seeabbf9

Score
10/10
MD5

f977094edc9eff242cc8e92c289d6073

SHA1

521211b5398292adc4644a0ee5c89d8f14f25e2e

SHA256

3b56a043cfbecbbe7e9e44e087611ab188feb373f34983c34ab9081b8dba05ed

SHA512

cdd6b2f7ebdabcacb7454b173743fb22ebb358b3c3d08703816d275e6891527f93a0f5d76a5e653477f7572ca9e9bbcf19c64fe3f82556ed1726e77f13559473

Malware Config

Extracted

Family lokibot
C2

http://attlogistics-vn.com/first/chief2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets
Target

Scan_Doc_pdf.exe

MD5

a7dcee077701d97ff5033795462f611c

Filesize

1MB

Score
10/10
SHA1

85bd384e1624fa1af899f0f33f584ac240a6fb28

SHA256

79129af7eeae9ebb06e1e77ceb732e24565771282c1381b15a3f19721936b84c

SHA512

acff59bb08c15c9c77e6bf517b1badd31fb690d5cc2793d43115ae3167837b07d2c4aa17633a9bfe3fb3bc3df8d386192153fc84eaf91b202908378254b1ffbc

Signatures

  • Lokibot

    Description

    Lokibot is a Password and CryptoCoin Wallet Stealer.

  • Accesses Microsoft Outlook profiles

    TTPs

    Email Collection
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

static1

5/10