Overview

overview

10

Static

static

ekema file.exe

windows7_x64

10

ekema file.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ekema file.exe

  • Size

    230KB

  • Sample

    210810-gwdhkw4pxs

  • MD5

    67c6b42042053c3612e928cc593e85a8

  • SHA1

    376def01c75feef9ec278980d6bea94661d05f6c

  • SHA256

    4a6b31994025e7a6dcfeab2954dd3ae8aba701d227ac5b9684ca97e1031256c5

  • SHA512

    96b9d82b6723eb4b5e6db247f2403d268ecd709fa70f9b3ee92e6ad8e102a5694ea84cc60e3d99daf3968f7fffa1384a7fa3fcec657ea9e8706c39048684b13e

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.5/sxisodifntose.php/X8wFuK75H7pEk

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      ekema file.exe

    • Size

      230KB

    • MD5

      67c6b42042053c3612e928cc593e85a8

    • SHA1

      376def01c75feef9ec278980d6bea94661d05f6c

    • SHA256

      4a6b31994025e7a6dcfeab2954dd3ae8aba701d227ac5b9684ca97e1031256c5

    • SHA512

      96b9d82b6723eb4b5e6db247f2403d268ecd709fa70f9b3ee92e6ad8e102a5694ea84cc60e3d99daf3968f7fffa1384a7fa3fcec657ea9e8706c39048684b13e

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks