Overview

overview

10

Static

static

e336780f33...38.exe

windows7_x64

6

e336780f33...38.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e336780f3321d06dfea57c94467d65e0ab2ab92d77c0267cf17b8d51359a5e38.exe

  • Size

    701KB

  • Sample

    200717-pfchg6hfba

  • MD5

    7da72e4e2a596ab29f1c082ef1802564

  • SHA1

    dfcb8c055a895f0e8593b471f57a7fd0e62c5d4f

  • SHA256

    e336780f3321d06dfea57c94467d65e0ab2ab92d77c0267cf17b8d51359a5e38

  • SHA512

    e8f4a8e175be4edab2e58e9adcdbbc37027768f9793f1705559a7f1bdd59b0f8dcf2433b157f28f847f4eb4656739220c910132a628549f9e1a1160568936f7e

Score
10/10
lokibotpersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://kranement.gq/wealth/five/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      e336780f3321d06dfea57c94467d65e0ab2ab92d77c0267cf17b8d51359a5e38.exe

    • Size

      701KB

    • MD5

      7da72e4e2a596ab29f1c082ef1802564

    • SHA1

      dfcb8c055a895f0e8593b471f57a7fd0e62c5d4f

    • SHA256

      e336780f3321d06dfea57c94467d65e0ab2ab92d77c0267cf17b8d51359a5e38

    • SHA512

      e8f4a8e175be4edab2e58e9adcdbbc37027768f9793f1705559a7f1bdd59b0f8dcf2433b157f28f847f4eb4656739220c910132a628549f9e1a1160568936f7e

    Score
    10/10
    persistencetrojanspywarestealerlokibot

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks