Overview

overview

10

Static

static

5cd2632433...49.exe

windows7_x64

10

5cd2632433...49.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5cd263243369cc7338a221f416328bf7c1be1d648ddf3485eaf6e7cbb0016149.exe

  • Size

    444KB

  • Sample

    210426-h4gh1lj52j

  • MD5

    55fa247362c8d44eb5c1aca6e671d894

  • SHA1

    71a8a5588dde3a595d1522e2f8aa5e8e328c57e7

  • SHA256

    5cd263243369cc7338a221f416328bf7c1be1d648ddf3485eaf6e7cbb0016149

  • SHA512

    831f882647c633261354ee9c29861c1b15af2ab8794ccd33425c36894df52a53cd919f81f28aef4dab08e152e1046536a2fb2e83dc3090ab9c680ea5f3c9bbbf

Score
10/10
lokibotagilenetspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://104.168.213.88/ghost1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      5cd263243369cc7338a221f416328bf7c1be1d648ddf3485eaf6e7cbb0016149.exe

    • Size

      444KB

    • MD5

      55fa247362c8d44eb5c1aca6e671d894

    • SHA1

      71a8a5588dde3a595d1522e2f8aa5e8e328c57e7

    • SHA256

      5cd263243369cc7338a221f416328bf7c1be1d648ddf3485eaf6e7cbb0016149

    • SHA512

      831f882647c633261354ee9c29861c1b15af2ab8794ccd33425c36894df52a53cd919f81f28aef4dab08e152e1046536a2fb2e83dc3090ab9c680ea5f3c9bbbf

    Score
    10/10
    lokibotagilenetspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks