Overview

overview

10

Static

static

Scan08_pdf.exe

windows7_x64

10

Scan08_pdf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ffe67c2f5005a91c9314f5f894d451147ea591d7ca47505a71f8e52d29753de0

  • Size

    365KB

  • Sample

    220521-xfyamabfc9

  • MD5

    6293212359f7b93e61c23470e002bc43

  • SHA1

    7116109ec21e299142270ea7edc65ec5bd1c66d5

  • SHA256

    ffe67c2f5005a91c9314f5f894d451147ea591d7ca47505a71f8e52d29753de0

  • SHA512

    0c491c610a0ccadf3c773a83fe044d642e5ca608156f417b246d13eb2bb5ee978eeec2208ecf5ccaca011741a422e7ced9f8143aaedb12ff8af06c53f05b0f1d

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      Scan08_pdf.exe

    • Size

      581KB

    • MD5

      11a66e8579d364eb7e0128654bd25638

    • SHA1

      85992f5e0b25d4b5a12def481d4a35ca0e566946

    • SHA256

      3b6de85bfdcfac9d315787e62d8891f6b472ca78cc97b12414019b84901433e8

    • SHA512

      a3ef6103f6552512cb4e2dd5bcf006b0f893603dc655482e62296b8790a0c423f3efd71e1ca794c0ceb706b9c1747388a52726a68286a96b4315c34b70ebdc93

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks