Overview

overview

10

Static

static

Fluxo de Caixa.exe

windows7-x64

10

Fluxo de Caixa.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Fluxo de Caixa.exe

  • Size

    371KB

  • Sample

    221004-qaxnksbac2

  • MD5

    01b936cf783fe182a628c65e70dfebd9

  • SHA1

    273ca25fc53e1e07aa2e398bb5850c1c75863bc5

  • SHA256

    9d3a6225b5afb12815d37e34f88cf8d33d366c401bb53ae23a75599361e33bde

  • SHA512

    dd3134c70d933ff9dffc280d2992776776b5e257846884dacd6fbb077a455ebeb5158e27da6b5dd0c0083d82f3c5399abb6e7a6da91daeff4f73d0b7cb148bc3

  • SSDEEP

    6144:lTouKrWBEu3/Z2lpGDHU3ykJ1tC/a02zubNdw0I:lToPWBv/cpGrU3y8tGgubNd6

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Targets

    • Target

      Fluxo de Caixa.exe

    • Size

      371KB

    • MD5

      01b936cf783fe182a628c65e70dfebd9

    • SHA1

      273ca25fc53e1e07aa2e398bb5850c1c75863bc5

    • SHA256

      9d3a6225b5afb12815d37e34f88cf8d33d366c401bb53ae23a75599361e33bde

    • SHA512

      dd3134c70d933ff9dffc280d2992776776b5e257846884dacd6fbb077a455ebeb5158e27da6b5dd0c0083d82f3c5399abb6e7a6da91daeff4f73d0b7cb148bc3

    • SSDEEP

      6144:lTouKrWBEu3/Z2lpGDHU3ykJ1tC/a02zubNdw0I:lToPWBv/cpGrU3y8tGgubNd6

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Executes dropped EXE

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks