Overview

overview

10

Static

static

96b09a7227...6a.exe

windows7_x64

10

96b09a7227...6a.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    96b09a7227379467f64b9ca40721b76a.exe

  • Size

    1.5MB

  • Sample

    210727-bd48zl6cpx

  • MD5

    96b09a7227379467f64b9ca40721b76a

  • SHA1

    8a28222904f910de66d2620ae4b99d98c322bdb3

  • SHA256

    5cd560ec7db038e75c705546d41801264cf450d601cf9b1835826da7597ef921

  • SHA512

    75086c8e9403834be783667dfad1cc18b756f4df22357520fd1f4a3a863eda0859591f5a0bcb0860ee1876ba6b317b3e600ec2b36a4be26b6e89015460de3031

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd3/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      96b09a7227379467f64b9ca40721b76a.exe

    • Size

      1.5MB

    • MD5

      96b09a7227379467f64b9ca40721b76a

    • SHA1

      8a28222904f910de66d2620ae4b99d98c322bdb3

    • SHA256

      5cd560ec7db038e75c705546d41801264cf450d601cf9b1835826da7597ef921

    • SHA512

      75086c8e9403834be783667dfad1cc18b756f4df22357520fd1f4a3a863eda0859591f5a0bcb0860ee1876ba6b317b3e600ec2b36a4be26b6e89015460de3031

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks