Overview

overview

10

Static

static

0fb699b995...0b.exe

windows7_x64

10

0fb699b995...0b.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0fb699b995c7844be905bde197f7ba9da846861a5030b1bbf15bf5a5cc9c460b.exe

  • Size

    402KB

  • Sample

    210726-rytytmyz96

  • MD5

    c30b0bbad81350632d4c1f159834d999

  • SHA1

    ce059ee391aa495a203a7570cd3c3e300068dfdb

  • SHA256

    0fb699b995c7844be905bde197f7ba9da846861a5030b1bbf15bf5a5cc9c460b

  • SHA512

    99e56d2d052c7e85d384ab81320695a8f2fad9e2c2e447f18a0db4bc9008e16c2967037cc9901136eb53c7b69ab7a7875a129b664a7444bff18fb87564ea31f6

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://asiatrans.cf/BN1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      0fb699b995c7844be905bde197f7ba9da846861a5030b1bbf15bf5a5cc9c460b.exe

    • Size

      402KB

    • MD5

      c30b0bbad81350632d4c1f159834d999

    • SHA1

      ce059ee391aa495a203a7570cd3c3e300068dfdb

    • SHA256

      0fb699b995c7844be905bde197f7ba9da846861a5030b1bbf15bf5a5cc9c460b

    • SHA512

      99e56d2d052c7e85d384ab81320695a8f2fad9e2c2e447f18a0db4bc9008e16c2967037cc9901136eb53c7b69ab7a7875a129b664a7444bff18fb87564ea31f6

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks