Overview

overview

10

Static

static

4bd029fab2...49.exe

windows7_x64

10

4bd029fab2...49.exe

windows10_x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4bd029fab2e1855b65f19af615d5af49

  • Size

    415KB

  • Sample

    210728-2wkd5jham6

  • MD5

    4bd029fab2e1855b65f19af615d5af49

  • SHA1

    1fdcbad64e3513f887e359ed8411b415cc43ba23

  • SHA256

    19bb2b0774e1638edbdcccc7e2fb936773727966acd3977137a8acfe0823266d

  • SHA512

    21de8fa96ec71de42f2501029d96baca5a5fd34f06a4729ecc779b53410fa9a979412ce965d9792127416dad81758ac5623d0b3d20349de8488e7a330df9e282

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://arku.xyz/tkrr/T1/w2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      4bd029fab2e1855b65f19af615d5af49

    • Size

      415KB

    • MD5

      4bd029fab2e1855b65f19af615d5af49

    • SHA1

      1fdcbad64e3513f887e359ed8411b415cc43ba23

    • SHA256

      19bb2b0774e1638edbdcccc7e2fb936773727966acd3977137a8acfe0823266d

    • SHA512

      21de8fa96ec71de42f2501029d96baca5a5fd34f06a4729ecc779b53410fa9a979412ce965d9792127416dad81758ac5623d0b3d20349de8488e7a330df9e282

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks