Overview

overview

10

Static

static

PO#10242021.exe

windows7_x64

10

PO#10242021.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO#10242021.zip

  • Size

    391KB

  • Sample

    211025-elcl1agebr

  • MD5

    3f7e6b132641661f717a5297f7f25214

  • SHA1

    b58eb5a5356cea065d2c7298397d76bafb8a3777

  • SHA256

    b36758c68ce2e8f22005b65823c2e2634547f2fbf6b39e99da5b0077634e0347

  • SHA512

    ec79006596be438467ae773774fa836caf0e1c7fa815ff227faea4b1bfcb27685386ca252e7aa935761f026dc5469453eee6b06aa47dee039a8df2a610427b16

Score
10/10
lokibotcollectionspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://iykl2.xyz/otker1/w2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      PO#10242021.exe

    • Size

      449KB

    • MD5

      bb2e526169ac72e5467349a35400c01d

    • SHA1

      e0d513185518e5a51fb14e431e62864f04ac3ca3

    • SHA256

      41efc8c7bc8097eb8df45f10bc54a3d67ad9f4c2fc6b173641fcc19ee8cd81d9

    • SHA512

      454ffd0fbc48d5e2824790ba43ded53875a443ad4bfaf24af41064a63c9ad71338b5672139e17b8bc0dbd3d3a591c7fa57566216171cf3be3b59be9b27184ab9

    Score
    10/10
    lokibotcollectionspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks