Overview

overview

10

Static

static

911972906b...e4.exe

windows7_x64

10

911972906b...e4.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    911972906b8b8d93242c949ae86d35275b6850ec7174296e3d2aed8c9b6356e4.exe

  • Size

    346KB

  • Sample

    211028-n9z7msgcdr

  • MD5

    8afba96c3baa28a1cb7725a8a282a40f

  • SHA1

    aa6ed22361211f4affc43e5428f259cf221f7278

  • SHA256

    911972906b8b8d93242c949ae86d35275b6850ec7174296e3d2aed8c9b6356e4

  • SHA512

    dbb1f4a6bbdc76a294f24794ca1aeb3f002227357b43562ecea00f4d6c2208c6cb066b27ffea89a8befd6eb3af46070331a67210be64544b1f10cc1dcbf00efd

Score
10/10
lokibotcollectionspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/ho/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      911972906b8b8d93242c949ae86d35275b6850ec7174296e3d2aed8c9b6356e4.exe

    • Size

      346KB

    • MD5

      8afba96c3baa28a1cb7725a8a282a40f

    • SHA1

      aa6ed22361211f4affc43e5428f259cf221f7278

    • SHA256

      911972906b8b8d93242c949ae86d35275b6850ec7174296e3d2aed8c9b6356e4

    • SHA512

      dbb1f4a6bbdc76a294f24794ca1aeb3f002227357b43562ecea00f4d6c2208c6cb066b27ffea89a8befd6eb3af46070331a67210be64544b1f10cc1dcbf00efd

    Score
    10/10
    lokibotcollectionspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot Fake 404 Response

      suricata: ET MALWARE LokiBot Fake 404 Response

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks