Overview

overview

10

Static

static

10

Approved P...ix.exe

windows7-x64

10

Approved P...ix.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    124s
  • max time network
    129s
  • platform
    windows7_x64
  • resource
    win7-20231023-en
  • resource tags

    arch:x64arch:x86image:win7-20231023-enlocale:en-usos:windows7-x64system
  • submitted
    11/12/2023, 14:00

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Approved PO No.109480 Dt.04Dec2023 - Phoenix.exe

  • Size

    104KB

  • MD5

    d49f8697ee24ce96c4ec80260c239636

  • SHA1

    950ead1ef830bbdb19064b9a8b62dba765418563

  • SHA256

    cecf830723d721cfa371e63df9576c5d5cdba53d2dda7c2d8db320f82cb4d4a5

  • SHA512

    3c9bb34b20041086435b50389dc07f418f5ee68f5ba4bc87a60327d3fa1b14745e91004b9c925a74a4b6068c49f438cde105b0483cb987e3f3303c9441f6e0b2

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Signatures

  • Lokibot

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    trojanspywarestealerlokibot
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Accesses Microsoft Outlook profiles 1 TTPs 3 IoCs
    collection
  • Suspicious behavior: RenamesItself 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • outlook_office_path 1 IoCs
  • outlook_win_path 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Approved PO No.109480 Dt.04Dec2023 - Phoenix.exe
    "C:\Users\Admin\AppData\Local\Temp\Approved PO No.109480 Dt.04Dec2023 - Phoenix.exe"
    1⤵
    • Accesses Microsoft Outlook profiles
    • Suspicious behavior: RenamesItself
    • Suspicious use of AdjustPrivilegeToken
    • outlook_office_path
    • outlook_win_path
    PID:2892

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085049433-1067986815-1244098655-1000\0f5007522459c86e95ffcc62f32308f1_d03af81f-989e-4c12-8706-72a6bc079a7b
    Filesize

    46B

    MD5

    d898504a722bff1524134c6ab6a5eaa5

    SHA1

    e0fdc90c2ca2a0219c99d2758e68c18875a3e11e

    SHA256

    878f32f76b159494f5a39f9321616c6068cdb82e88df89bcc739bbc1ea78e1f9

    SHA512

    26a4398bffb0c0aef9a6ec53cd3367a2d0abf2f70097f711bbbf1e9e32fd9f1a72121691bb6a39eeb55d596edd527934e541b4defb3b1426b1d1a6429804dc61

    Download Submit

  • C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2085049433-1067986815-1244098655-1000\0f5007522459c86e95ffcc62f32308f1_d03af81f-989e-4c12-8706-72a6bc079a7b
    Filesize

    46B

    MD5

    c07225d4e7d01d31042965f048728a0a

    SHA1

    69d70b340fd9f44c89adb9a2278df84faa9906b7

    SHA256

    8c136c7ae08020ad16fd1928e36ad335ddef8b85906d66b712fff049aa57dc9a

    SHA512

    23d3cea738e1abf561320847c39dadc8b5794d7bd8761b0457956f827a17ad2556118b909a3e6929db79980ccf156a6f58ac823cf88329e62417d2807b34b64b

    Download Submit