09c2593aad9cf3a021a9224c5adf7312459a26b87ead3d737ef6a3d73504bd06

Target

Size

991KB

Sample

220521-w9lm9aeebr

Score

10 ^/10

MD5

b650d2a7c5a71109cf872ad301c424d4

SHA1

08e3f4f8d920bad2b87b0fa6f9ec9aaa89cd5384

SHA256

09c2593aad9cf3a021a9224c5adf7312459a26b87ead3d737ef6a3d73504bd06

SHA512

c2abb72202ff643dc031aaa3b290b68c1a8267b9057116a7601cfe5e383e18a5840a5a7a017a157548777327ff347428be3967746fe6661995c3c1f28013be42

Extracted

Family	lokibot
C2	http://rnarport.com/deal/five/fre.php http://kbfvzoboss.bid/alien/fre.php http://alphastand.trade/alien/fre.php http://alphastand.win/alien/fre.php http://alphastand.top/alien/fre.php http://rnarport.com/deal/five/fre.php http://kbfvzoboss.bid/alien/fre.php http://alphastand.trade/alien/fre.php http://alphastand.win/alien/fre.php http://alphastand.top/alien/fre.php

Target

SOA_#BA520865 APR20pdf.exe

MD5

651f7592df60c78259741d1452987807

Filesize

1MB

Score

10^/10

SHA1

e4a39cb28f1275bd13dd357ce5592f4dc975268f

SHA256

fba2d704c11e4e6016da0acc631c12bb8ded89d3c46eb5469aa98988844f8b7e

SHA512

c438fc13a08ac1b27004a92d818341c1151b7df74fe3c0514636d087044b82e20f1d451acc05554e96a2265a1e10eb704a3feccb46ed8660a75c49d5b1daf4b4

Signatures

Lokibot
Description

Lokibot is a Password and CryptoCoin Wallet Stealer.
Tags

trojan spyware stealer lokibot
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
Description

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
Tags

suricata
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Description

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Tags

suricata
suricata: ET MALWARE LokiBot Checkin
Description

suricata: ET MALWARE LokiBot Checkin
Tags

suricata
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
Description

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
Tags

suricata
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
Description

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
Tags

suricata
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Description

suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Tags

suricata
Accesses Microsoft Outlook profiles
Tags

collection

TTPs

Email Collection
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Email Collection

Command and Control

Credential Access

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

5^/10

behavioral1

lokibot collection spyware stealer suricata trojan

10^/10

behavioral2

lokibot collection spyware stealer suricata trojan

10^/10

Extracted

Tags

Signatures

Lokibot

Description

Tags

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Description

Tags

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

Description

Tags

suricata: ET MALWARE LokiBot Checkin

Description

Tags

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

Description

Tags

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

Description

Tags

suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

Description

Tags

Accesses Microsoft Outlook profiles

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2