c9699446a6c1d02ed56cb9778e696854815659242bd3a55010736b23b04ab138

General

Target: c9699446a6c1d02ed56cb9778e696854815659242bd3a55010736b23b04ab138
Size: 813KB
Sample: 220521-w8ylesbbg8
Score: 10/10
MD5: c1332c2ff2f9eb871570f5c031d8d217
SHA1: 9e868ba85e3d0adf1a50f05955c16fed24834ca9
SHA256: c9699446a6c1d02ed56cb9778e696854815659242bd3a55010736b23b04ab138
SHA512: 81c53bc151baa8bcff803e458d7374afcad2c0c807c906a7e909c17aa27f9fee834d9964c64c4750aa81c04c3d8c3947d8b6887f409eb0b833124fd13f91d0e4

Malware Config

Extracted

Family: lokibot
C2:
  http://oneflextiank.com/cream/five/fre.php
  http://kbfvzoboss.bid/alien/fre.php
  http://alphastand.trade/alien/fre.php
  http://alphastand.win/alien/fre.php
  http://alphastand.top/alien/fre.php

Targets

Target: S8872_PDF.exe
MD5: d76cb6054119c4a62dd9edd2239645d2
Filesize: 1MB
Score: 10/10
SHA1: 90fc7d4e5e82f7fefe505ca0c037c59ac73d8ded
SHA256: 27534ee3bfdbfc3b5bfb4b61237354d3d529822b0b64789528c1a8c2ae455318
SHA512: db0fede878be7a6d0e2a739fd60957f0ca514ed400835c06e39622c13cfd4c62b7cbc25f7c31bca339adf32eb88d515af55db3bc23d2cadc1b0003db8dfdb211

Signatures

  • Lokibot
    Description: Lokibot is a Password and CryptoCoin Wallet Stealer.
  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  • suricata: ET MALWARE LokiBot Checkin
  • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection
  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (tactic columns): Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation