Overview

overview

10

Static

static

3c5103c776...55.exe

windows7_x64

10

3c5103c776...55.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3c5103c77675f880bf0922121845f60f155d06eae43f7519c4916bb3196b8e55.exe

  • Size

    178KB

  • Sample

    220514-q5jp7shhg6

  • MD5

    98a602591bf121ef9282ce623291a941

  • SHA1

    0c54e2ccbb64815c9e981af8e35feec1efedbd2c

  • SHA256

    3c5103c77675f880bf0922121845f60f155d06eae43f7519c4916bb3196b8e55

  • SHA512

    83f5af0bdc87f88056abd03eb7dab32e6a21204ec9bb8b8ce328f3ea9c7ab7e764b1cf358ad16dbb7c1016847fadc029e248420f8298927ad8e9b364140f2aa6

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://neduskyy.buzz/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      3c5103c77675f880bf0922121845f60f155d06eae43f7519c4916bb3196b8e55.exe

    • Size

      178KB

    • MD5

      98a602591bf121ef9282ce623291a941

    • SHA1

      0c54e2ccbb64815c9e981af8e35feec1efedbd2c

    • SHA256

      3c5103c77675f880bf0922121845f60f155d06eae43f7519c4916bb3196b8e55

    • SHA512

      83f5af0bdc87f88056abd03eb7dab32e6a21204ec9bb8b8ce328f3ea9c7ab7e764b1cf358ad16dbb7c1016847fadc029e248420f8298927ad8e9b364140f2aa6

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks