Overview

overview

10

Static

static

2020mktc-1...f..exe

windows7_x64

10

2020mktc-1...f..exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3dfa57aa568cb93e1e849c8dde2f128986cfe73584cb790ea39d321c5b4ddd41

  • Size

    464KB

  • Sample

    220521-xg8gzsfafk

  • MD5

    41036da5d531ff500ecd7bdddbbdc929

  • SHA1

    933765fa7163a87dfc035bfd17f7dd931b924e23

  • SHA256

    3dfa57aa568cb93e1e849c8dde2f128986cfe73584cb790ea39d321c5b4ddd41

  • SHA512

    a3c003ba50696f6c02f196576b45a518de9656ff4d8afe85cb5f20fd9f32ae9ca8d03afedcc153ca5e4f2a38403b9d14d6c74c12cc39a31ee32ab703a0c0abde

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      2020mktc-1408_pdf..exe

    • Size

      838KB

    • MD5

      36d9a32e28df6ec5f1c5869965072c4d

    • SHA1

      87166b9e9d00ec891129baa8b6f27c418e6c33b8

    • SHA256

      97e6fd03f9586bc8efd90595bef86e593506eb78198cf709428bc7788765774a

    • SHA512

      06eb03d6af42178cee5cfac2cb177394b886d685cca4bb3da14031e50cdf7c5652d5475fe562cbf2e0b7a4a976f545da42df092291acc644490e5646b83b639f

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks