Overview

overview

10

Static

static

202107270010.exe

windows7_x64

8

202107270010.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    202107270010.exe

  • Size

    13KB

  • Sample

    210727-4sstcknvnx

  • MD5

    3dff5c2b37da43ac40de3e0d5fa5b357

  • SHA1

    ad8051789c990e68f850ad5d58bea12e321bae18

  • SHA256

    730bfa776152c38152b5c9180061bf02b4b63a62f2f214cf022bce4bda218c8a

  • SHA512

    b866abd538be4fde091b9f4498c25d6096d55667bad638ad96fb305fd54b140072d27fd0cb7f574581f5de8f33b58cc41bcfc595a5474eb8be663f6b7505da14

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

https://vistusexpress.ao/wp-img/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      202107270010.exe

    • Size

      13KB

    • MD5

      3dff5c2b37da43ac40de3e0d5fa5b357

    • SHA1

      ad8051789c990e68f850ad5d58bea12e321bae18

    • SHA256

      730bfa776152c38152b5c9180061bf02b4b63a62f2f214cf022bce4bda218c8a

    • SHA512

      b866abd538be4fde091b9f4498c25d6096d55667bad638ad96fb305fd54b140072d27fd0cb7f574581f5de8f33b58cc41bcfc595a5474eb8be663f6b7505da14

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Downloads MZ/PE file

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks