07564ee683a669f542bf29d77bf781860970252f0247aa2bef1cbb92394418b1

General

Target: 07564ee683a669f542bf29d77bf781860970252f0247aa2bef1cbb92394418b1
Size: 1MB
Sample: 220521-w9d86seebj
Score: 10/10
MD5: 847de2893a3630caa1bffa421eadfc89
SHA1: bfba0088bdbc443dd718faa04b88d49f687867dc
SHA256: 07564ee683a669f542bf29d77bf781860970252f0247aa2bef1cbb92394418b1
SHA512: a2e4865b57f2cb2075a05bf96d7669f774eec6d52a3b8ed236d40d736f068dd9d31fd7acaf1c3c2cc0771e3b30df41c2ae027c78ddfaffc6f1c6ac6cd774f9e1

Malware Config

Extracted

Family: lokibot
C2:
  http://rnarport.com/deal/five/fre.php
  http://kbfvzoboss.bid/alien/fre.php
  http://alphastand.trade/alien/fre.php
  http://alphastand.win/alien/fre.php
  http://alphastand.top/alien/fre.php
Targets

Target: SOA_#BA520865 APR20pdf.exe (note the "pdf.exe" double-extension lure in the filename)
MD5: 3a50e24228e23c190eaa02a703c4dcf8
Filesize: 1MB
Score: 10/10
SHA1: c2d3f4bcc3a0ea2d490d0321d8936a9f93aaf233
SHA256: 3b41268c22f208d755b5c6c9925088a6c5ff68a75e5cc003f574749c9f599a54
SHA512: 5adfc8025ee84b29dcd896718ce72ef893376e72013ebfaedeb3511a7dc7457af306a3c45d57cfee5c84305ee123aaec39091705d61e72c84f79823e2e01a8a9
Signatures

  • Lokibot
    Description: LokiBot is a password and cryptocurrency wallet stealer.
  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  • suricata: ET MALWARE LokiBot Checkin
  • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  • Accesses Microsoft Outlook profiles
    TTPs: Email Collection
  • Suspicious use of SetThreadContext (an API routinely used to redirect execution into an injected or hollowed process)
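The extracted C2 list and the Suricata signatures above translate directly into a network-side hunt and a hash lookup. The following Python script is an added example, not part of the sandbox report or of any vendor tool: it scans constructed proxy log lines (the log format and every entry are invented here) for the five C2 URLs, their hosts, the /fre.php gate path that all five share (a heuristic generalized from the list, so treat it as an assumption), and a User-Agent carrying the Charon/Inferno tokens the Suricata rule refers to; the full string "Mozilla/4.08 (Charon; Inferno)" used in the sample lines is the widely documented LokiBot User-Agent, not something the report states. It also looks file digests up against the MD5/SHA1/SHA256 values listed in this report.

```python
import hashlib
import re
from urllib.parse import urlsplit

# C2 URLs exactly as extracted in the report above (family: lokibot).
C2_URLS = {
    "http://rnarport.com/deal/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
}
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

# File hashes listed in the report: the submitted sample and the executable it carries.
IOC_HASHES = {
    "submitted sample": {
        "md5": "847de2893a3630caa1bffa421eadfc89",
        "sha1": "bfba0088bdbc443dd718faa04b88d49f687867dc",
        "sha256": "07564ee683a669f542bf29d77bf781860970252f0247aa2bef1cbb92394418b1",
    },
    "SOA_#BA520865 APR20pdf.exe": {
        "md5": "3a50e24228e23c190eaa02a703c4dcf8",
        "sha1": "c2d3f4bcc3a0ea2d490d0321d8936a9f93aaf233",
        "sha256": "3b41268c22f208d755b5c6c9925088a6c5ff68a75e5cc003f574749c9f599a54",
    },
}

# The Suricata rule names a "Charon/Inferno" User-Agent. Assumption: match on both
# tokens in order rather than on one exact string, so minor variants are still caught.
UA_RE = re.compile(r"Charon.*Inferno", re.IGNORECASE)

# Constructed log format for this example (not from the report):
#   <timestamp> <client-ip> <method> <url> <status> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) "(?P<ua>[^"]*)"$'
)


def classify(line):
    """Return a hit dict for one log line, or None if nothing matches."""
    m = LOG_RE.match(line)
    if not m:
        return None  # unparseable line: skip it rather than abort the hunt
    url = m["url"]
    parts = urlsplit(url)
    reasons = []
    if url in C2_URLS:
        reasons.append("known_c2_url")
    elif parts.hostname in C2_HOSTS:
        reasons.append("known_c2_host")  # same infrastructure, different path
    elif m["method"] == "POST" and parts.path.endswith("/fre.php"):
        # Heuristic (assumption): every C2 in the report ends in /fre.php, so a
        # POST to that gate path on an unknown host is worth a look, at lower confidence.
        reasons.append("lokibot_gate_path")
    if UA_RE.search(m["ua"]):
        reasons.append("lokibot_user_agent")
    if not reasons:
        return None
    return {"ts": m["ts"], "src": m["src"], "url": url, "reasons": reasons}


def hunt(lines):
    """Run classify() over an iterable of log lines and keep only the hits."""
    return [hit for hit in (classify(line) for line in lines) if hit]


def match_hash(hexdigest):
    """Look a digest up against the report's hashes; returns (artifact, algo) or None."""
    h = hexdigest.strip().lower()
    for artifact, digests in IOC_HASHES.items():
        for algo, value in digests.items():
            if value == h:
                return artifact, algo
    return None


def match_bytes(data):
    """Hash a blob with all three algorithms and check each digest against the IOC set."""
    for algo in ("md5", "sha1", "sha256"):
        hit = match_hash(hashlib.new(algo, data).hexdigest())
        if hit:
            return hit
    return None


# Constructed sample log (invented for this example, not real traffic).
SAMPLE_LOG = [
    '2020-04-20T10:00:01Z 10.0.0.12 POST http://rnarport.com/deal/five/fre.php 404 "Mozilla/4.08 (Charon; Inferno)"',
    '2020-04-20T10:00:02Z 10.0.0.12 POST http://alphastand.top/alien/fre.php 200 "Mozilla/4.08 (Charon; Inferno)"',
    '2020-04-20T10:00:03Z 10.0.0.33 GET http://www.example.com/index.html 200 "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '2020-04-20T10:00:04Z 10.0.0.45 POST http://cdn.example.net/alien/fre.php 200 "Mozilla/5.0"',
    '2020-04-20T10:00:05Z 10.0.0.12 GET http://alphastand.win/robots.txt 200 "Mozilla/5.0"',
    "garbage line that does not parse",
]

if __name__ == "__main__":
    for hit in hunt(SAMPLE_LOG):
        print(hit["ts"], hit["src"], hit["url"], ",".join(hit["reasons"]))
    print(match_hash("3A50E24228E23C190EAA02A703C4DCF8"))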

Related Tasks

MITRE ATT&CK Matrix
Collection
Command and Control
    Credential Access
      Defense Evasion
        Discovery
          Execution
            Exfiltration
              Impact
                Initial Access
                  Lateral Movement
                    Persistence
                      Privilege Escalation