Overview

overview

10

Static

static

DRAFT_DOCS...df.exe

windows7-x64

10

DRAFT_DOCS...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.rar

  • Size

    505KB

  • Sample

    230130-jx7czabc6s

  • MD5

    08fee7c5e3725c9f8c5c300e59e8bf73

  • SHA1

    382b49467f17ef32b446d4627c871be1ff4db8a1

  • SHA256

    a65a7eb623aa928f2f839856de564ac3f026c8601fa1410cb879829f9cc1eb70

  • SHA512

    53d0da04f42331b59b14e791ef3173e933cd635ef257034b155ba841719ab3b3c8e9ca61005cd241bfa8b55ea01711510fd8a07689d4c342ba0f268de2ec0809

  • SSDEEP

    12288:F9f1SDUiFNry0ps4IkBRjSDbv2xAScKyO8mJjs:F51N4dy0fI0aT2YY8mJjs

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/gk1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      DRAFT_DOCS_INVCK2023M1903_BL_PL_Pdf.exe

    • Size

      587KB

    • MD5

      7fd475ea79dc131001cb334373f96c74

    • SHA1

      256701edda96f60211fb90cd0e093dddbbf8c56d

    • SHA256

      a28a0ee3b401e64c2ae8b1bf74af6774e8656dea3f9644bc31eda735db810733

    • SHA512

      aee9e155553f97f7dbb76348b95c4d5c167dc25c12c1d157920025f55229e3c0f1b51bb2ab08bf6acdb872efc6b2192752f15fada463b3da2d45cdf63bfb0198

    • SSDEEP

      12288:7xdIyV1ycKTpnmlmBpsKRl9aOoHzbWeh3ih9H1A:9m4gcKTJTpsOaOgBYTe

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks