57d6ee60faf10320d9fd37d58aeec59e6735366afece642579ab6d9743c1731b.exe

General
Target

57d6ee60faf10320d9fd37d58aeec59e6735366afece642579ab6d9743c1731b.exe

Size

964KB

Sample

210421-y2x4htl9qs

Score
10 /10
MD5

71a14ce0723e4de96846bf22eed49d20

SHA1

14340d510faa92bd38ef6ec98e74f5845d37a451

SHA256

57d6ee60faf10320d9fd37d58aeec59e6735366afece642579ab6d9743c1731b

SHA512

4ff0b16cfe84f3c1b57638617f1eb9c332df95a531cd33f84dfde1987dc53d4ef1298dbfec33edac69d87844fefdb7d7f55519ae1c27ead2568551f50b27d728

Malware Config

Extracted

Family lokibot
C2

http://amrp.tw/kayo/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets
Target

57d6ee60faf10320d9fd37d58aeec59e6735366afece642579ab6d9743c1731b.exe

MD5

71a14ce0723e4de96846bf22eed49d20

Filesize

964KB

Score
10 /10
SHA1

14340d510faa92bd38ef6ec98e74f5845d37a451

SHA256

57d6ee60faf10320d9fd37d58aeec59e6735366afece642579ab6d9743c1731b

SHA512

4ff0b16cfe84f3c1b57638617f1eb9c332df95a531cd33f84dfde1987dc53d4ef1298dbfec33edac69d87844fefdb7d7f55519ae1c27ead2568551f50b27d728

Tags

Signatures

  • Lokibot

    Description

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10