Overview

overview

10

Static

static

ed5d538388...d2.exe

windows7_x64

10

ed5d538388...d2.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ed5d538388e254bf5e6df70f0a019432d30450b053d3ac8f1a810b9902b705d2.exe

  • Size

    178KB

  • Sample

    220514-q5h4nshhf7

  • MD5

    fcc68e1665842ba187d428fda22fa636

  • SHA1

    de4a7dc43d9bab918d207eeddd3009ca03442c03

  • SHA256

    ed5d538388e254bf5e6df70f0a019432d30450b053d3ac8f1a810b9902b705d2

  • SHA512

    320fd2c30529c314e3e1bf9247cac14c7e0cb2e3d949d655a47db7ca3e9fe2c369c0ed40a5d74f4c9576f26c67c5ea6c20c1ed595f81d3e3d6f80cd22c8a2615

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://bigdolz.buzz/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      ed5d538388e254bf5e6df70f0a019432d30450b053d3ac8f1a810b9902b705d2.exe

    • Size

      178KB

    • MD5

      fcc68e1665842ba187d428fda22fa636

    • SHA1

      de4a7dc43d9bab918d207eeddd3009ca03442c03

    • SHA256

      ed5d538388e254bf5e6df70f0a019432d30450b053d3ac8f1a810b9902b705d2

    • SHA512

      320fd2c30529c314e3e1bf9247cac14c7e0cb2e3d949d655a47db7ca3e9fe2c369c0ed40a5d74f4c9576f26c67c5ea6c20c1ed595f81d3e3d6f80cd22c8a2615

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks