General

  • Target

    MV MAXIMA_pdf.rar

  • Size

    141KB

  • Sample

    240806-hgahmasbrp

  • MD5

    ef39c7b820336245a93068e297534eb7

  • SHA1

    f7cc01e37764f87139d5e523076905d125b4d7df

  • SHA256

    ce0767eacdce08d719800037a1a4970aaf6a7ddc48807d718f1ced34bc1b6666

  • SHA512

    2d3cc9aab9bce5d6955561bdd5ec02bf3c84d283332eeebb40c0e889a30dc1569518f2b7641d37d31c626ad227538d4c48b6722afe88df6ae2c5d6beb770ae57

  • SSDEEP

    3072:weWfzN1qA+QEO3fVOZymgv1XY7ZKOHrJkA24ExqIvYU0zCrGNcY3HH:weoNmQEasZymgdXYFK+uAPEwFPzj3

Malware Config

  • Extracted family

    lokibot

  • C2

    http://werdotx.shop/DOT/PWS/fre.php

    http://kbfvzoboss.bid/alien/fre.php

    http://alphastand.trade/alien/fre.php

    http://alphastand.win/alien/fre.php

    http://alphastand.top/alien/fre.php

Targets

    • Target

      MV MAXIMA_pdf.rar

    • Size

      141KB

    • MD5

      ef39c7b820336245a93068e297534eb7

    • SHA1

      f7cc01e37764f87139d5e523076905d125b4d7df

    • SHA256

      ce0767eacdce08d719800037a1a4970aaf6a7ddc48807d718f1ced34bc1b6666

    • SHA512

      2d3cc9aab9bce5d6955561bdd5ec02bf3c84d283332eeebb40c0e889a30dc1569518f2b7641d37d31c626ad227538d4c48b6722afe88df6ae2c5d6beb770ae57

    • SSDEEP

      3072:weWfzN1qA+QEO3fVOZymgv1XY7ZKOHrJkA24ExqIvYU0zCrGNcY3HH:weoNmQEasZymgdXYFK+uAPEwFPzj3

    • Score

      3/10

    • Target

      MV MAXIMA_pdf.exe

    • Size

      317KB

    • MD5

      8625ee224eabe551094b1608e9919d6e

    • SHA1

      8eb8ef4b3a9e590588115613b7296355290daf6f

    • SHA256

      7dba6063a64ca29963a57881589dbb513c94a77766d98e67bd6bab790e07209a

    • SHA512

      04dac907db97080a42ce27ef416c40ca72a3450653aaffa65f292096215c61d2eeabdc4566d1011584fb4625b699b1edb7675fd1f3c19c9ec3cfb0f898f7e972

    • SSDEEP

      3072:bZCQr5nK4Uid534hUSZ/vJzZ8nzCF+qosNI27BV3yvNRNK5BddNvHTt:NFnbt3420/vJ98zg/BVCv4tdVT

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive profile data.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks