b08e82fea6d6300d47f78a2a54aa95da15112e037e292e452d4f63c5cb6de676.exe

General
Target

b08e82fea6d6300d47f78a2a54aa95da15112e037e292e452d4f63c5cb6de676.exe

Size

846KB

Sample

210421-btsgvl1fma

Score
10 /10
MD5

e31802832554364edd0212a9dc61d0f5

SHA1

2ef0e361e1dcc9b4872a862d01ef95f40d6f7557

SHA256

b08e82fea6d6300d47f78a2a54aa95da15112e037e292e452d4f63c5cb6de676

SHA512

a882ca244b08e620a84f646d502d9db95f038e3df0ca6295f3626498b4aa653a7ed664ce4e528f303945cb64e0f27f94059a4a0b02c99f78056c939d87d023dc

Malware Config

Extracted

Family lokibot
C2

http://amrp.tw/engr/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets
Target

b08e82fea6d6300d47f78a2a54aa95da15112e037e292e452d4f63c5cb6de676.exe

MD5

e31802832554364edd0212a9dc61d0f5

Filesize

846KB

Score
10 /10
SHA1

2ef0e361e1dcc9b4872a862d01ef95f40d6f7557

SHA256

b08e82fea6d6300d47f78a2a54aa95da15112e037e292e452d4f63c5cb6de676

SHA512

a882ca244b08e620a84f646d502d9db95f038e3df0ca6295f3626498b4aa653a7ed664ce4e528f303945cb64e0f27f94059a4a0b02c99f78056c939d87d023dc

Tags

Signatures

  • Lokibot

    Description

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10