Overview

overview

10

Static

static

1

bc342f9679...e5.exe

windows7_x64

10

bc342f9679...e5.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    bc342f9679aeab723916338bce061ae5.exe

  • Size

    148KB

  • Sample

    210423-ajk8zakw7x

  • MD5

    bc342f9679aeab723916338bce061ae5

  • SHA1

    883248ca2481b280aa53047a1aa77009321fdcae

  • SHA256

    5d96ff0fc3e6847c93e28bce3c25bce90dd5401fc147def6ee33c5d90bfb3add

  • SHA512

    f3b8cd24788fca6fd6219ad98652d662668388c7f7b610d7535201e4ff8b1d211b3a0e75e607776b6f842b42d084e6782e485338aa775030ea0a078d43a50908

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://meirback.co.uk/Bn1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      bc342f9679aeab723916338bce061ae5.exe

    • Size

      148KB

    • MD5

      bc342f9679aeab723916338bce061ae5

    • SHA1

      883248ca2481b280aa53047a1aa77009321fdcae

    • SHA256

      5d96ff0fc3e6847c93e28bce3c25bce90dd5401fc147def6ee33c5d90bfb3add

    • SHA512

      f3b8cd24788fca6fd6219ad98652d662668388c7f7b610d7535201e4ff8b1d211b3a0e75e607776b6f842b42d084e6782e485338aa775030ea0a078d43a50908

    Score
    10/10
    lokibotspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks