fd41408ce6324cdd9c83dddc2d3ae6082a78c832225e71fa00a9f858973a99ca

General
Target

fd41408ce6324cdd9c83dddc2d3ae6082a78c832225e71fa00a9f858973a99ca

Size

813KB

Sample

220521-w8xzwsbbg7

Score
10 /10
MD5

0935e80936f684e54bee5d15ff6b3b19

SHA1

3c4f80c04c4007ccd412a83ee7abdb7f76ca81c3

SHA256

fd41408ce6324cdd9c83dddc2d3ae6082a78c832225e71fa00a9f858973a99ca

SHA512

1067d6190d1d8be1c3f925118d464688ab7ce30dc7f46293e22d0354ff250f797b2a235a7af387525bbbd3f751c52d676594bdcd01cefb8d6efdf06552049aa1

Malware Config

Extracted

Family lokibot
C2

http://lapphoungshoes.com/dino/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets
Target

KYOCERA_892958476_05_2020.exe

MD5

983b3f2a326aa8a8c1502bdebb6211bb

Filesize

1MB

Score
10/10
SHA1

593928ba1bae091330a4473675917414b98798c3

SHA256

e0e899627677a5191b45c3da7da2f9c83e5840e45b70142816ccc7c18d5b4ada

SHA512

1fbe90a48c8256e908009b32a02fbc81783c45adaae5451adc4b8f20f1f75a92209a7b90cd870868cf067467be1db52e1f0c5a369ddc2cb4ed0d106cdb37fbbf

Tags

Signatures

  • Lokibot

    Description

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    Tags

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

    Description

    suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

    Tags

  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

    Description

    suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

    Tags

  • suricata: ET MALWARE LokiBot Checkin

    Description

    suricata: ET MALWARE LokiBot Checkin

    Tags

  • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

    Description

    suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

    Tags

  • Accesses Microsoft Outlook profiles

    Tags

    TTPs

    Email Collection
  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
      Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation