General

  • Target

    AWB Incoming (ETA 0807 G.W 18.60 kgnet ) Delivery from GUMTEC-KOREA.exe

  • Size

    432KB

  • Sample

    200729-dte9f7kxpn

  • MD5

    90f5e1b5dc5acd24ca59661754b3f288

  • SHA1

    3c281ca35b555493ae9d2fa63e2ae116e5b336fc

  • SHA256

    c1a4b17148c88714a70ed5274137b99994ee50d5ec98041249aa4925a4528b72

  • SHA512

    7bbb738677638123faf8b25b75020aaf44dfa3b133d93ed8d8bc914e488a678dc5fe14444a0fd3424657192babeec89a3494fc0a9d2062e7946f904ea4e95cbe

Malware Config

Extracted

Family

lokibot

C2

http://boeschboddenspies.com/server/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php
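The extracted configuration above is only useful if it is actually checked against something. The following script is an added example, not part of the sandbox report: it embeds the hashes and C2 URLs listed on this page, hashes a local copy of the sample (the path is hypothetical), and scans a proxy log in a constructed one-line-per-request format for the exact C2 URLs, their hosts, and POSTs to any path ending in /fre.php (a heuristic derived from the five gate URLs above, so expect to tune it).

```python
"""Check the Lokibot IOCs from this report against a file and a proxy log.

Added example, not from the sandbox report. Assumptions: the sample path is
hypothetical and the proxy log format ("ts client METHOD url status") is
constructed for this example.
"""
import hashlib
import re
import sys
from urllib.parse import urlparse

# Indicators copied from the report above.
SAMPLE_HASHES = {
    "md5": "90f5e1b5dc5acd24ca59661754b3f288",
    "sha1": "3c281ca35b555493ae9d2fa63e2ae116e5b336fc",
    "sha256": "c1a4b17148c88714a70ed5274137b99994ee50d5ec98041249aa4925a4528b72",
}
C2_URLS = [
    "http://boeschboddenspies.com/server/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_HOSTS = {urlparse(u).hostname.lower() for u in C2_URLS}

# Constructed proxy log for the example: one request per line.
PROXY_LOG = """\
2020-07-29T10:12:03Z 10.0.0.15 GET http://www.example.com/index.html 200
2020-07-29T10:12:41Z 10.0.0.15 POST http://kbfvzoboss.bid/alien/fre.php 404
2020-07-29T10:13:02Z 10.0.0.15 POST http://alphastand.top/alien/fre.php 200
2020-07-29T10:15:17Z 10.0.0.22 POST http://other-host.example/panel/fre.php 200
2020-07-29T10:16:00Z 10.0.0.22 GET http://alphastand.win/robots.txt 200
"""
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)


def hash_bytes(data: bytes) -> dict:
    """Return md5/sha1/sha256 hex digests keyed like SAMPLE_HASHES."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str) -> dict:
    """Hash a file in one pass (all three digests updated per chunk)."""
    digests = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for d in digests.values():
                d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def matches_sample(path: str) -> bool:
    """True if the file on disk is exactly the sample from this report."""
    return hash_file(path) == SAMPLE_HASHES


def classify_request(method: str, url: str):
    """Return why a request is suspicious, or None.

    Precedence: exact C2 URL, then C2 host (any path, any method), then the
    heuristic: a POST to a path ending in /fre.php, the gate path shared by
    all five C2 URLs in the config (assumption: treat as a lead, not proof).
    """
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    if url in C2_URLS:
        return "known C2 URL"
    if host in C2_HOSTS:
        return "known C2 host"
    if method == "POST" and parsed.path.lower().endswith("/fre.php"):
        return "fre.php gate pattern"
    return None


def scan_proxy_log(text: str) -> list:
    """Return (ts, client, url, reason) for every suspicious request."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the scan
        reason = classify_request(m["method"], m["url"])
        if reason:
            hits.append((m["ts"], m["client"], m["url"], reason))
    return hits


if __name__ == "__main__":
    for hit in scan_proxy_log(PROXY_LOG):
        print(*hit)
    if len(sys.argv) > 1:  # hypothetical path to a local copy of the sample
        print("sample match:", matches_sample(sys.argv[1]))
```

The host-level match is deliberately broader than the URL match: a GET to robots.txt on one of the listed domains is not Lokibot traffic, but it is still a client talking to a domain that hosted a gate, and that is worth a ticket. The /fre.php heuristic is the only part that can fire on hosts not in the config, so keep its hits separate from the exact matches when reporting.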

Targets

    • Target

      AWB Incoming (ETA 0807 G.W 18.60 kgnet ) Delivery from GUMTEC-KOREA.exe

    • Size

      432KB

    • MD5

      90f5e1b5dc5acd24ca59661754b3f288

    • SHA1

      3c281ca35b555493ae9d2fa63e2ae116e5b336fc

    • SHA256

      c1a4b17148c88714a70ed5274137b99994ee50d5ec98041249aa4925a4528b72

    • SHA512

      7bbb738677638123faf8b25b75020aaf44dfa3b133d93ed8d8bc914e488a678dc5fe14444a0fd3424657192babeec89a3494fc0a9d2062e7946f904ea4e95cbe

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer; stolen data is posted to the C2 gate URLs listed in the extracted configuration.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.

    • Suspicious use of SetThreadContext

      SetThreadContext lets a process rewrite the registers, including the instruction pointer, of a thread in another process; on a suspended child it is the usual last step of process hollowing, redirecting execution into injected code before the thread is resumed.

MITRE ATT&CK Enterprise v6

Tasks