Overview

overview

10

Static

static

10

8ed7e6b478...20.exe

windows7_x64

10

8ed7e6b478...20.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8ed7e6b478cf0c00934bb42e3bdf5e20.exe

  • Size

    104KB

  • Sample

    211204-2kdt1abgar

  • MD5

    8ed7e6b478cf0c00934bb42e3bdf5e20

  • SHA1

    ceb70c6dc5a85a64cc7a47e0ec12936f2d5e57db

  • SHA256

    4395224e257fe5659011fb90649c89d295e80123d7622d6cdb5b09371573e1aa

  • SHA512

    db4f78f56df60bcc906588546d0bb55b7ff9ec483484a6d70f891bb33fc84339cf1ee77973f785f1f71d6b1eb8090449078bdc8ededb70a41c094cfa0b5affee

Score
10/10
lokibotcollectionspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://naourl.com/data/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      8ed7e6b478cf0c00934bb42e3bdf5e20.exe

    • Size

      104KB

    • MD5

      8ed7e6b478cf0c00934bb42e3bdf5e20

    • SHA1

      ceb70c6dc5a85a64cc7a47e0ec12936f2d5e57db

    • SHA256

      4395224e257fe5659011fb90649c89d295e80123d7622d6cdb5b09371573e1aa

    • SHA512

      db4f78f56df60bcc906588546d0bb55b7ff9ec483484a6d70f891bb33fc84339cf1ee77973f785f1f71d6b1eb8090449078bdc8ededb70a41c094cfa0b5affee

    Score
    10/10
    lokibotcollectionspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks