General

  • Target

    9d5a4507ca16ca47315c7b7f58279cf23bbb9ffda2340367130d1d5b2d00740e.exe

  • Size

    541KB

  • Sample

    210503-g6aawmfdc2

  • MD5

    7e1096d0fedac6c88a4f58eefcf1e92b

  • SHA1

    fd6292bbb0286425e6be104b2156b173261ac740

  • SHA256

    9d5a4507ca16ca47315c7b7f58279cf23bbb9ffda2340367130d1d5b2d00740e

  • SHA512

    b32d13ce536e54dae40327557ddf6b215cc186b7dd60a423aaf7ab28d87cba2991ef95b898496b2ea1994ae1e6bb6a77bd8861564d849ba37837da29758dc14c

Malware Config

Extracted

Family

lokibot

C2

http://104.168.175.179/ghost2/panels/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

    • Suspicious use of SetThreadContext
