Overview

overview

10

Static

static

1

7b95e7c4b7...5c.exe

windows7_x64

10

7b95e7c4b7...5c.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7b95e7c4b726fb678571f965327eb05c.exe

  • Size

    145KB

  • Sample

    210408-b87ard98ws

  • MD5

    7b95e7c4b726fb678571f965327eb05c

  • SHA1

    e2afad566ae8d7929cad0ebc8272d9202700a334

  • SHA256

    90264601dc078ff9628a36dcca7a4ca0c65c7c68315601f6688f2690847fdab7

  • SHA512

    4d96cb34c39568b608087f65083e18ed30fbe36666cb2d52a10fde3289b36619a5f884d47637cef953f4a4d48278d54577e7749ef92d34aa533ec7b670320194

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://amrp.tw/ozi/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      7b95e7c4b726fb678571f965327eb05c.exe

    • Size

      145KB

    • MD5

      7b95e7c4b726fb678571f965327eb05c

    • SHA1

      e2afad566ae8d7929cad0ebc8272d9202700a334

    • SHA256

      90264601dc078ff9628a36dcca7a4ca0c65c7c68315601f6688f2690847fdab7

    • SHA512

      4d96cb34c39568b608087f65083e18ed30fbe36666cb2d52a10fde3289b36619a5f884d47637cef953f4a4d48278d54577e7749ef92d34aa533ec7b670320194

    Score
    10/10
    lokibotspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks