Overview

overview

10

Static

static

2026f257fe...62.exe

windows7_x64

10

2026f257fe...62.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2026f257fe24b522a9768867c9d4ef832a3a3f5123fdfee64990f86c9e88e862

  • Size

    675KB

  • Sample

    220420-tbpwxadabk

  • MD5

    540a063b60425b3aeef06d7875c0d3b1

  • SHA1

    b234c2444660dfcf8421ef2e3f6a29de28564038

  • SHA256

    2026f257fe24b522a9768867c9d4ef832a3a3f5123fdfee64990f86c9e88e862

  • SHA512

    342f7ad97507920dec3fe383a6b269c4071ebaf79f80711dd176476edf1b80a0c4130370760cf25e1f3bfe1b4c1d5d5da66423a0aff7470716792cd87e777943

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://198.23.200.241/~power13/.sixnrpq/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      2026f257fe24b522a9768867c9d4ef832a3a3f5123fdfee64990f86c9e88e862

    • Size

      675KB

    • MD5

      540a063b60425b3aeef06d7875c0d3b1

    • SHA1

      b234c2444660dfcf8421ef2e3f6a29de28564038

    • SHA256

      2026f257fe24b522a9768867c9d4ef832a3a3f5123fdfee64990f86c9e88e862

    • SHA512

      342f7ad97507920dec3fe383a6b269c4071ebaf79f80711dd176476edf1b80a0c4130370760cf25e1f3bfe1b4c1d5d5da66423a0aff7470716792cd87e777943

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks