7b95e7c4b726fb678571f965327eb05c.exe

General
Target

7b95e7c4b726fb678571f965327eb05c.exe

Size

145KB

Sample

210408-b87ard98ws

Score

10/10

MD5

7b95e7c4b726fb678571f965327eb05c

SHA1

e2afad566ae8d7929cad0ebc8272d9202700a334

SHA256

90264601dc078ff9628a36dcca7a4ca0c65c7c68315601f6688f2690847fdab7

SHA512

4d96cb34c39568b608087f65083e18ed30fbe36666cb2d52a10fde3289b36619a5f884d47637cef953f4a4d48278d54577e7749ef92d34aa533ec7b670320194

Malware Config

Extracted

Family

lokibot

C2

http://amrp.tw/ozi/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets
Target

7b95e7c4b726fb678571f965327eb05c.exe

Signatures

  • Lokibot

    Description

    Lokibot is a Password and CryptoCoin Wallet Stealer.

  • Loads dropped DLL

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

static1

1/10

behavioral1

10/10

behavioral2

10/10