Analysis
-
max time kernel
135s -
max time network
139s -
platform
windows7_x64 -
resource
win7-20220414-en -
submitted
01-07-2022 21:47
General
-
Target
130eebf2b017668c9f3be268ebf894fe.exe
-
Size
104KB
-
MD5
130eebf2b017668c9f3be268ebf894fe
-
SHA1
f5dffabac90a595a1fc494f5ceb2919c50faebfe
-
SHA256
80405e9843f9dfc747620957c12880425bdcf79a0f0bc7ec17b85576c9c0952a
-
SHA512
a943a1fe67a8cb1286230944f2e41103c4d894461b672eb75c0d23adc726a76162c11a1ddd1d57307f1aeb8f697af2677deb44f86a46b3bbe31964707515293f
Malware Config
Signatures
-
Lokibot
Lokibot is a Password and CryptoCoin Wallet Stealer.
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
-
suricata: ET MALWARE LokiBot Checkin
suricata: ET MALWARE LokiBot Checkin
-
suricata: ET MALWARE LokiBot Fake 404 Response
suricata: ET MALWARE LokiBot Fake 404 Response
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
-
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
-
Suspicious behavior: RenamesItself 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
outlook_office_path 1 IoCs
-
outlook_win_path 1 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\130eebf2b017668c9f3be268ebf894fe.exe"C:\Users\Admin\AppData\Local\Temp\130eebf2b017668c9f3be268ebf894fe.exe"1⤵
- Accesses Microsoft Outlook profiles
- Suspicious behavior: RenamesItself
- Suspicious use of AdjustPrivilegeToken
- outlook_office_path
- outlook_win_path
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
memory/2024-54-0x0000000074DD1000-0x0000000074DD3000-memory.dmpFilesize
8KB