Overview

overview

10

Static

static

Shipping D...pg.exe

windows7_x64

3

Shipping D...pg.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Shipping Document.jpg.ace

  • Size

    360KB

  • Sample

    211201-rhvpmafgf8

  • MD5

    de0db7d0abd74d617dc815e13a41388b

  • SHA1

    a7b110ef617bb2c43c9e5790ac24a6d71445192c

  • SHA256

    65a8197891e366a49f8577460a9aaa89ca583cfbec7aac0847d9ccbf75842b1a

  • SHA512

    f0357a8f1f6beb6eba3a71c0bceb220370419451397aa850f4066af4b00dbadcc069da0869442e9efe7b06c52e0eacbc2bb9a9f88975e7f3b7dfd732e2a950a0

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://roboticsengineeringtech.xyz/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Shipping Document.jpg.exe

    • Size

      535KB

    • MD5

      0bedced4f80f29a3a4eacf08a57a7d1a

    • SHA1

      f3aa3d1a2cd8478e9900f8e40568a073ecccf50b

    • SHA256

      2327df8853c7f67ab43cda8c3f0494f148f74682aecaa685fd932bcc2b4df5a1

    • SHA512

      2058cd590d6f843bcc101ab3a12368fbf3b35e8bc40e0e8c05932aa1b0627f2cac8a2e8e07dad3b095089351b9b7843e9a8d9d62f503997a7d746ce9a998e716

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks