99cf59c32e63c462f895449382f0243085f4a85f482b325d9457149bc7cfadd7.exe

General
Target

99cf59c32e63c462f895449382f0243085f4a85f482b325d9457149bc7cfadd7.exe

Size

429KB

Sample

210422-mmc1q9k3tn

Score

10/10
MD5

6c365e31b3349b4f5c58faf788c819bf

SHA1

5e4aa21fd51a9096902aa23c821ae42704550074

SHA256

99cf59c32e63c462f895449382f0243085f4a85f482b325d9457149bc7cfadd7

SHA512

ad0a4da38a211279b5f35ddfb82626ffab112630846c7149ca7aabcb73a761492de2a6481c2cfed1107f34551aba1e75ab2b764f78fd79ff7828c1401e1990fc

Malware Config

Extracted

Family

lokibot

C2

https://yarpa.lt/money/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot

    Description

    Lokibot is a Password and CryptoCoin Wallet Stealer.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix
Collection, Command and Control, Credential Access, Defense Evasion, Discovery, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation

Tasks

static1

behavioral1

10/10

behavioral2

10/10