Overview

overview

10

Static

static

1

o.exe

windows7_x64

10

o.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SOA_PDF.gz

  • Size

    160KB

  • Sample

    210226-t2tjxee9js

  • MD5

    6920dc381b371d9632a44f1d287e8f86

  • SHA1

    300c64a07f26f0329ef411144a6e367f958c353a

  • SHA256

    b2282e530e6d31d18be45e07cb8886859c855288e180426624637d096edf38ff

  • SHA512

    32e766966a3f95386097706b85e0aa12fdd111b69cff35a268d45cca8525cba04ef026f31289ed347d11274e5e029a5aa137632d4747c1b5c4192ccca7b204de

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/iJWEYVJs28SOm

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      o.exe

    • Size

      321KB

    • MD5

      6c0ac5e2deeab09dea5f2d5c8e07fdb6

    • SHA1

      ce19bf855d5b7d90c237e6e9ec9f0e0092b22d7a

    • SHA256

      d471d9e0eb791d813362f234522fc410e3de7294fde31bd14d9b42637bf70196

    • SHA512

      cf179865349a22df6007c4b79d5720b75cbbd9ec873fbb3bd34856a428e8fb474ce4c385f9ad40da676bf809e459e1f5ee997df1f97eadfafa0cecad354aae93

    Score
    10/10
    lokibotspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks