Overview

overview

10

Static

static

488f7a3fc4...e5.exe

windows7_x64

10

488f7a3fc4...e5.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    488f7a3fc434e5236f57d76b3c5e9ae5.exe

  • Size

    450KB

  • Sample

    210926-x8y3mafce2

  • MD5

    488f7a3fc434e5236f57d76b3c5e9ae5

  • SHA1

    ff52a87d067a77ece8f948ad58af9af5a989b074

  • SHA256

    27d79e79361f3d086f3c9001d35d51328f513a1061b3a89389d4291cc85427df

  • SHA512

    cad4046a82f934f144dcf27a51148ac7a614a4e3ecec35b6a460bf779238c329a6a35082b4dbb69add47df21ec1ff146336dbccb03558d8fde0fcf88d0714f62

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://jlpack.email/grace/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      488f7a3fc434e5236f57d76b3c5e9ae5.exe

    • Size

      450KB

    • MD5

      488f7a3fc434e5236f57d76b3c5e9ae5

    • SHA1

      ff52a87d067a77ece8f948ad58af9af5a989b074

    • SHA256

      27d79e79361f3d086f3c9001d35d51328f513a1061b3a89389d4291cc85427df

    • SHA512

      cad4046a82f934f144dcf27a51148ac7a614a4e3ecec35b6a460bf779238c329a6a35082b4dbb69add47df21ec1ff146336dbccb03558d8fde0fcf88d0714f62

    Score
    10/10
    lokibotspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks