Overview

overview

10

Static

static

be90853c57...97.exe

windows7_x64

10

be90853c57...97.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    be90853c57c6fd8ab455a43712172637a905beb090c7cadf5ef3c5ddedeab097

  • Size

    441KB

  • Sample

    220414-hm4cwsadd4

  • MD5

    a53796c07af541e8233e7c8d72005e6b

  • SHA1

    1165ba1c7c8cf957c088c12a16cbc1503731e8dd

  • SHA256

    be90853c57c6fd8ab455a43712172637a905beb090c7cadf5ef3c5ddedeab097

  • SHA512

    d57e002f6f5991e2eff52903f55f8441f46a956e4390a96c52c84e4ec1970ce7461cc13dedf37846b26355ef21445d95d41a7088395ec0b2c0a9f41a8f56f366

Score
10/10
lokibotmetastealercollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://azzmtool.com/zoro/zoro5/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      be90853c57c6fd8ab455a43712172637a905beb090c7cadf5ef3c5ddedeab097

    • Size

      441KB

    • MD5

      a53796c07af541e8233e7c8d72005e6b

    • SHA1

      1165ba1c7c8cf957c088c12a16cbc1503731e8dd

    • SHA256

      be90853c57c6fd8ab455a43712172637a905beb090c7cadf5ef3c5ddedeab097

    • SHA512

      d57e002f6f5991e2eff52903f55f8441f46a956e4390a96c52c84e4ec1970ce7461cc13dedf37846b26355ef21445d95d41a7088395ec0b2c0a9f41a8f56f366

    Score
    10/10
    lokibotcollectionspywarestealertrojanmetastealer

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Meta Stealer Stealer

      Meta Stealer steals passwords stored in browsers, written in C++.

      stealermetastealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks