Overview

overview

10

Static

static

d393823a59...06.exe

windows7_x64

10

d393823a59...06.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d393823a59a55e03419715ea5d7c35e0707bdf60c81da975dbc37003e3a67006.exe

  • Size

    1.5MB

  • Sample

    210726-4xyq3fjczx

  • MD5

    cfea98c53a954d7092b345a709d9f0ee

  • SHA1

    f45f2fafabe0500b9a7e753200429f3b53f0c46f

  • SHA256

    d393823a59a55e03419715ea5d7c35e0707bdf60c81da975dbc37003e3a67006

  • SHA512

    a99d200e38cb0a93df448aff1c26954dea9b61c4af6ec65764ff7f04d6f651cdcea9a16d64906d0586c9304a8fb1cbacd64c979b56b9884036e1d8025d400452

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.18/dsaicosaicasdi.php/4jmQmvXLmQyTH

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      d393823a59a55e03419715ea5d7c35e0707bdf60c81da975dbc37003e3a67006.exe

    • Size

      1.5MB

    • MD5

      cfea98c53a954d7092b345a709d9f0ee

    • SHA1

      f45f2fafabe0500b9a7e753200429f3b53f0c46f

    • SHA256

      d393823a59a55e03419715ea5d7c35e0707bdf60c81da975dbc37003e3a67006

    • SHA512

      a99d200e38cb0a93df448aff1c26954dea9b61c4af6ec65764ff7f04d6f651cdcea9a16d64906d0586c9304a8fb1cbacd64c979b56b9884036e1d8025d400452

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks