QUOTATION22110577.exe

General
Target

QUOTATION22110577.exe

Size

394KB

Sample

201126-1p8wlke372

Score

10/10

MD5

025c9e5be7bf95f51225106ef7e7f7b9

SHA1

c080a077177bd72e4e05d6edba282b7ca5b026e2

SHA256

d346086418bbd48dabcfb8ea48bad551ec66d79c3c0a2e198cd3a1083a80057f

SHA512

9564652112dc3f13dee4ffbc49f2dce62a2dfc17e0698d216f408253531867579af29f3b62b6cd0419d7cacaa67f65aafd52c9d2f3a833455532aa26f8310817

Malware Config

Extracted

Family

lokibot

C2

http://greenitylogistics.com/scss/bootstrap/mixinss/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot

    Description

    Lokibot is a Password and CryptoCoin Wallet Stealer.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

  • static1

  • behavioral1: 10/10

  • behavioral2: 10/10