Overview

overview

10

Static

static

vbc.exe

windows7_x64

10

vbc.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vbc.exe

  • Size

    317KB

  • Sample

    211203-mhntvsgagp

  • MD5

    7a3d69b7369877caa7637a9a923ab4d9

  • SHA1

    2da6e5b79cd58ae81a40e07e0a1a0b0787a49fed

  • SHA256

    269ba4d010f5ca07dd2353a905c93a54be10125d02d82a5e52cc34f5d259ef81

  • SHA512

    f40332086c992915d64e47fb1dcdb21243079f1ff3c278ab80085fa8a254fbc3553f665572d210ca36127cef310bebcef203ceff5da000f478a4101e23c23b98

Score
10/10
lokibotcollectionspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/gb7/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      vbc.exe

    • Size

      317KB

    • MD5

      7a3d69b7369877caa7637a9a923ab4d9

    • SHA1

      2da6e5b79cd58ae81a40e07e0a1a0b0787a49fed

    • SHA256

      269ba4d010f5ca07dd2353a905c93a54be10125d02d82a5e52cc34f5d259ef81

    • SHA512

      f40332086c992915d64e47fb1dcdb21243079f1ff3c278ab80085fa8a254fbc3553f665572d210ca36127cef310bebcef203ceff5da000f478a4101e23c23b98

    Score
    10/10
    lokibotcollectionspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1
T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1
T1064

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks