Overview

overview

10

Static

static

2b419f986e...a1.exe

windows7_x64

6

2b419f986e...a1.exe

windows10_x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    2b419f986ea266fa5826fbb6858782f7c2acfda73aa5ec5cb21d64537d6a4ea1.exe

  • Size

    701KB

  • Sample

    200717-9c1l4p35f2

  • MD5

    5b71d24c0e55eb1acf9828187fc08b7b

  • SHA1

    1fa2c5c7b30cbe37373207ab195fc967b2e4c66f

  • SHA256

    2b419f986ea266fa5826fbb6858782f7c2acfda73aa5ec5cb21d64537d6a4ea1

  • SHA512

    9deef664040a3feb37759b1dbc33ad66b212dcf7c7ddc1b9e13c6c09b94f85ad81bb4600d9a51e92520c4a6ae1d2e65181039de5c437661b6f80a1db866cfb9c

Score
10/10
lokibotpersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://kranement.ml/wealth/five/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      2b419f986ea266fa5826fbb6858782f7c2acfda73aa5ec5cb21d64537d6a4ea1.exe

    • Size

      701KB

    • MD5

      5b71d24c0e55eb1acf9828187fc08b7b

    • SHA1

      1fa2c5c7b30cbe37373207ab195fc967b2e4c66f

    • SHA256

      2b419f986ea266fa5826fbb6858782f7c2acfda73aa5ec5cb21d64537d6a4ea1

    • SHA512

      9deef664040a3feb37759b1dbc33ad66b212dcf7c7ddc1b9e13c6c09b94f85ad81bb4600d9a51e92520c4a6ae1d2e65181039de5c437661b6f80a1db866cfb9c

    Score
    10/10
    persistencespywaretrojanstealerlokibot

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks