Overview

overview

10

Static

static

4fcb2d6dd4...93.exe

windows7_x64

10

4fcb2d6dd4...93.exe

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    4fcb2d6dd4e6699e31ef782cdb40bdf65c388311c72952702e8f3024c46c2793.exe

  • Size

    263KB

  • Sample

    200709-txhzxwke66

  • MD5

    e1204f68e985164c7c87828095f5bcb6

  • SHA1

    67e5b6c6c5cd7f5fc50d63063de04db9ddfd218e

  • SHA256

    4fcb2d6dd4e6699e31ef782cdb40bdf65c388311c72952702e8f3024c46c2793

  • SHA512

    015962a5572986be335ea9e6691573a3396ee3864fb5b3b7da1f462127b102aef27a772b9b881802e2256edc52ba63c8476d7119326f81797381f3c3f30113d9

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://195.69.140.147/.op/cr.php/vms5lZmxPBbEN

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

�t~��

Targets

    • Target

      4fcb2d6dd4e6699e31ef782cdb40bdf65c388311c72952702e8f3024c46c2793.exe

    • Size

      263KB

    • MD5

      e1204f68e985164c7c87828095f5bcb6

    • SHA1

      67e5b6c6c5cd7f5fc50d63063de04db9ddfd218e

    • SHA256

      4fcb2d6dd4e6699e31ef782cdb40bdf65c388311c72952702e8f3024c46c2793

    • SHA512

      015962a5572986be335ea9e6691573a3396ee3864fb5b3b7da1f462127b102aef27a772b9b881802e2256edc52ba63c8476d7119326f81797381f3c3f30113d9

    Score
    10/10
    spywaretrojanstealerlokibot

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks