Overview

overview

10

Static

static

a136e7979c...53.exe

windows7_x64

10

a136e7979c...53.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a136e7979c03ad9e689caf926a8f851a26e52e53e27d950d5d0c28dadb2bb353.exe

  • Size

    329KB

  • Sample

    210727-pj4z1pjx5x

  • MD5

    968b17cbf61802592fde392143660add

  • SHA1

    5ebfaa463908ff18aaaddeb618fa790d01836dcb

  • SHA256

    a136e7979c03ad9e689caf926a8f851a26e52e53e27d950d5d0c28dadb2bb353

  • SHA512

    269f01a8d9fe7a2333f7529ca53404a2a8d84740c07d56525690973eadb5e77e1c5e914c1e096fb0d850c66b2228d3f7b17201d54b4bcf0ae7e5a9873e3fca68

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd7/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      a136e7979c03ad9e689caf926a8f851a26e52e53e27d950d5d0c28dadb2bb353.exe

    • Size

      329KB

    • MD5

      968b17cbf61802592fde392143660add

    • SHA1

      5ebfaa463908ff18aaaddeb618fa790d01836dcb

    • SHA256

      a136e7979c03ad9e689caf926a8f851a26e52e53e27d950d5d0c28dadb2bb353

    • SHA512

      269f01a8d9fe7a2333f7529ca53404a2a8d84740c07d56525690973eadb5e77e1c5e914c1e096fb0d850c66b2228d3f7b17201d54b4bcf0ae7e5a9873e3fca68

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot Fake 404 Response

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata
    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks