Overview

overview

10

Static

static

Docs-Scan0...df.exe

windows7_x64

10

Docs-Scan0...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2fa379a6aa2289a1802e364dc940f38bde30aa6096376e901926c16a822eb591

  • Size

    361KB

  • Sample

    220521-xhdc8sbgc4

  • MD5

    176d62682de45ffa920eb0d8c01b0303

  • SHA1

    66336741af2298be6d30ad68a10034cda0f4075e

  • SHA256

    2fa379a6aa2289a1802e364dc940f38bde30aa6096376e901926c16a822eb591

  • SHA512

    7b11d6ac6417319e8e16ea593023f81e0943d803267dcc9e892ba9447511db981615a9c1169197ae697797bf44ec1ee8489a295fd40dce9e26e256f4e39e83f2

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      Docs-Scan011105_pdf.exe

    • Size

      612KB

    • MD5

      6ed2f249e986cdd33db4b36fd4e522ad

    • SHA1

      3e61eef9277cb8b6490ed515d739b358f8de9b09

    • SHA256

      fc849ef113b6dfd401b03e989e2888e30c62af7938347a2bbca04153f5b36249

    • SHA512

      c7603d3b9f779dcdffb2de1b54eb75df6608db253f61ca2ec9772c801cfb028fd63691737f60f4d21b0e0752ee3f81e2bf2bd7c00628b61485e768284e9b0fc1

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks