Overview

overview

10

Static

static

NEW INQUIR...ER.exe

windows7_x64

10

NEW INQUIR...ER.exe

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    NEW INQUIRY PURCHASE ORDER.exe

  • Size

    607KB

  • Sample

    200708-tlmwa3p5n6

  • MD5

    05e06166f7767f1c3d34ad3e4ab3009f

  • SHA1

    a7eaac1d28e5453cfb594977df91ee24ce357195

  • SHA256

    3c4ed32a41025d81f99706a778597aa3dcef8034e81746e04ef197f37e7a25e8

  • SHA512

    f902f9819ba394c2e39b281e159441f6cda6275984bd311971674af991b09ca8797ae9ee32c2e9649641558b2521b18ddb012429f15d91395e498df214517a00

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://195.69.140.147/.op/cr.php/u1DEZ4oVQPK3w

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      NEW INQUIRY PURCHASE ORDER.exe

    • Size

      607KB

    • MD5

      05e06166f7767f1c3d34ad3e4ab3009f

    • SHA1

      a7eaac1d28e5453cfb594977df91ee24ce357195

    • SHA256

      3c4ed32a41025d81f99706a778597aa3dcef8034e81746e04ef197f37e7a25e8

    • SHA512

      f902f9819ba394c2e39b281e159441f6cda6275984bd311971674af991b09ca8797ae9ee32c2e9649641558b2521b18ddb012429f15d91395e498df214517a00

    Score
    10/10
    spywaretrojanstealerlokibot

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks