Overview

overview

10

Static

static

7b8f2be198...28.exe

windows7_x64

10

7b8f2be198...28.exe

windows10_x64

3

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b8f2be19853cd2012b78f6fc89301cec921cf95b14a1aa69ebbc9bdb74e0d28.exe

  • Size

    682KB

  • Sample

    200718-ngwzp8c48s

  • MD5

    c3e16f313fe5ffd21ffb677ea325721d

  • SHA1

    e2547f4aa78c2a9e486bfdb12f7f203cdc9b41b0

  • SHA256

    7b8f2be19853cd2012b78f6fc89301cec921cf95b14a1aa69ebbc9bdb74e0d28

  • SHA512

    f4daa235b66c4a7a24804c7339f4f2fca35b589489e80dca07507d3f53da44d70693096da7f43cbfbf8458cc69e066f22efd8a86eb826e0ae70441171192a653

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://kanavagronomy.in/www.kanava/www123/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      7b8f2be19853cd2012b78f6fc89301cec921cf95b14a1aa69ebbc9bdb74e0d28.exe

    • Size

      682KB

    • MD5

      c3e16f313fe5ffd21ffb677ea325721d

    • SHA1

      e2547f4aa78c2a9e486bfdb12f7f203cdc9b41b0

    • SHA256

      7b8f2be19853cd2012b78f6fc89301cec921cf95b14a1aa69ebbc9bdb74e0d28

    • SHA512

      f4daa235b66c4a7a24804c7339f4f2fca35b589489e80dca07507d3f53da44d70693096da7f43cbfbf8458cc69e066f22efd8a86eb826e0ae70441171192a653

    Score
    10/10
    spywaretrojanstealerlokibot

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks