Overview

overview

10

Static

static

eb96018231...91.exe

windows7_x64

10

eb96018231...91.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eb9601823180e93e7c162ff9ed197991

  • Size

    299KB

  • Sample

    220110-p9sm8secd4

  • MD5

    eb9601823180e93e7c162ff9ed197991

  • SHA1

    272a84e6fc6089aef0cf1f23748d47903f717e47

  • SHA256

    4cdc0066a8c9c9af29fd83fc781198924e5b7fa7de206392b69440675979ae39

  • SHA512

    f32d1ebd427c841218baaabc1a67493ca211591a97c5f620eaa7f432dd8572b5d84e088fac22b93b059f8c70418bc12b50455cfcee4bc8642c5075cb5db50e41

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/gc6/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      eb9601823180e93e7c162ff9ed197991

    • Size

      299KB

    • MD5

      eb9601823180e93e7c162ff9ed197991

    • SHA1

      272a84e6fc6089aef0cf1f23748d47903f717e47

    • SHA256

      4cdc0066a8c9c9af29fd83fc781198924e5b7fa7de206392b69440675979ae39

    • SHA512

      f32d1ebd427c841218baaabc1a67493ca211591a97c5f620eaa7f432dd8572b5d84e088fac22b93b059f8c70418bc12b50455cfcee4bc8642c5075cb5db50e41

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks