Overview

overview

10

Static

static

f70ec28e2a...d0.exe

windows7_x64

10

f70ec28e2a...d0.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f70ec28e2a91f35a01a45d2083c4442b33a7c32224fab7238a7ee9e3ccbed4d0.exe

  • Size

    179KB

  • Sample

    220514-q5jefahhg3

  • MD5

    2046818de1e5556e217bf35c2ae6391d

  • SHA1

    675bd42bdeb7867d0d60f5f59288fdd8fa7d04d6

  • SHA256

    f70ec28e2a91f35a01a45d2083c4442b33a7c32224fab7238a7ee9e3ccbed4d0

  • SHA512

    58665c8d8ac018c298f14d4441a3377178b573db3b62cc8a12ef74437a5bf9cef61f30c3ec8caa12830b21a23dfd4643182c3638bd275a854c4f7f174f124996

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://panel-report-logs.ml/alhaji/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      f70ec28e2a91f35a01a45d2083c4442b33a7c32224fab7238a7ee9e3ccbed4d0.exe

    • Size

      179KB

    • MD5

      2046818de1e5556e217bf35c2ae6391d

    • SHA1

      675bd42bdeb7867d0d60f5f59288fdd8fa7d04d6

    • SHA256

      f70ec28e2a91f35a01a45d2083c4442b33a7c32224fab7238a7ee9e3ccbed4d0

    • SHA512

      58665c8d8ac018c298f14d4441a3377178b573db3b62cc8a12ef74437a5bf9cef61f30c3ec8caa12830b21a23dfd4643182c3638bd275a854c4f7f174f124996

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks