Overview

overview

10

Static

static

Purchase Inquiry.exe

windows7-x64

10

Purchase Inquiry.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Maerskline Receipt.rar

  • Size

    512KB

  • Sample

    221128-kg29raab45

  • MD5

    51e0b6c565bf6b22f2b0e9312332ff69

  • SHA1

    a43dfbd37e48068a2f52343dfbc91e0977ae7c32

  • SHA256

    323dfe748192de2c66729a6b781f73188233d4cf2efef722271499a047847011

  • SHA512

    cdeb107f11e1c53aecf529ef16e43efc5317cd96c489751998f64d057337d6473383cf5783cfff74814f43fa4d7eee4838804c050b873a1d8aa584a6f278f842

  • SSDEEP

    12288:3grEZJp9RgpcEiGxt1Q8p3knv7vk/zIGxKBxdPPeNR1NX9i7agxOv:hZH9RscE/xjQ8p3kI/Uu4jPs1V9Tgcv

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://157.245.36.27/~dokterpol/?page=14914169539334

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Purchase Inquiry.exe

    • Size

      721KB

    • MD5

      bbf8cc59cbe4cd8d3845c1499335c07f

    • SHA1

      045568cace1af652cf3dea51f561bfe80c0035d7

    • SHA256

      7329528ead7542c9af48aeff33fcfa265731b53ad352af1efc3666911f115090

    • SHA512

      7a26c93971d7470800187fecb2908d377bd2df9aa24fd69b6c6c999746384f37e2cfc13679cef3977e4bb7b833f504ab4c2cbf10bb2883f9d52d711f678f9210

    • SSDEEP

      12288:Be1O4WxovDi23bDIg95lzKogGNkwZ3cYRMdS98MTHRyoY:eIgvxKodMS2MjRpY

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks