Overview

overview

10

Static

static

e02e5c6a19...64.exe

windows7_x64

10

e02e5c6a19...64.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e02e5c6a19494f4f8db40abb8d287e69e36c52977da9ac8c2fb3ddda8afda264.exe

  • Size

    190KB

  • Sample

    211021-n9ldgsbbbl

  • MD5

    c8b959ef2d758a41a5f152f69c92d925

  • SHA1

    d7075192df45409fc111d642d861ce52a45cb2b1

  • SHA256

    e02e5c6a19494f4f8db40abb8d287e69e36c52977da9ac8c2fb3ddda8afda264

  • SHA512

    d4717d0f74a7aec1e103c5152c49fee597366326578524b9adb5428dcd18112bfa10185a6e31d3070f8a9fce4d36daed0ee3be402987e7a29458cbcceecc42ea

Score
10/10
lokibotcollectionspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://iykl2.xyz/otker1/w2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      e02e5c6a19494f4f8db40abb8d287e69e36c52977da9ac8c2fb3ddda8afda264.exe

    • Size

      190KB

    • MD5

      c8b959ef2d758a41a5f152f69c92d925

    • SHA1

      d7075192df45409fc111d642d861ce52a45cb2b1

    • SHA256

      e02e5c6a19494f4f8db40abb8d287e69e36c52977da9ac8c2fb3ddda8afda264

    • SHA512

      d4717d0f74a7aec1e103c5152c49fee597366326578524b9adb5428dcd18112bfa10185a6e31d3070f8a9fce4d36daed0ee3be402987e7a29458cbcceecc42ea

    Score
    10/10
    lokibotcollectionspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

      suricata: ET MALWARE Single char EXE direct download likely trojan (multiple families)

      suricata

    • suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

      suricata

    • Downloads MZ/PE file

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks