Overview

overview

10

Static

static

8b0430a07f...3d.exe

windows7_x64

10

8b0430a07f...3d.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8b0430a07fde0e6cb2671d1781b793f576b074b29b7a5fc0d386699196fc8c3d

  • Size

    928KB

  • Sample

    220701-feskbaedd9

  • MD5

    f2a09b857dd0be2fb1ca8aa185cdf9c4

  • SHA1

    0d20f70a89205add005a91b86e7cf956f9d75dac

  • SHA256

    8b0430a07fde0e6cb2671d1781b793f576b074b29b7a5fc0d386699196fc8c3d

  • SHA512

    095dea085da94f97f19671816140b89c145770bb60db803b681d5508ffdae74d1576e1c43e7eae934324411a7cc2bf78a8f94ccb433ab6d6df718cea01fcaf62

Score
10/10
lokibotcollectionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      8b0430a07fde0e6cb2671d1781b793f576b074b29b7a5fc0d386699196fc8c3d

    • Size

      928KB

    • MD5

      f2a09b857dd0be2fb1ca8aa185cdf9c4

    • SHA1

      0d20f70a89205add005a91b86e7cf956f9d75dac

    • SHA256

      8b0430a07fde0e6cb2671d1781b793f576b074b29b7a5fc0d386699196fc8c3d

    • SHA512

      095dea085da94f97f19671816140b89c145770bb60db803b681d5508ffdae74d1576e1c43e7eae934324411a7cc2bf78a8f94ccb433ab6d6df718cea01fcaf62

    Score
    10/10
    lokibotcollectionpersistencespywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks