Overview

overview

10

Static

static

b42dbca35e...5e.exe

windows7_x64

1

b42dbca35e...5e.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    b42dbca35ee7fb914d2566cd137fa7f8c69036e6824ac3dc2bf7d50198742c5e.exe

  • Size

    855KB

  • Sample

    220514-q5kx9saab5

  • MD5

    0eb3390bac4066e5714f9f334ce1b573

  • SHA1

    284cd714b259d872a952666b0ddc5e81eeca10f3

  • SHA256

    b42dbca35ee7fb914d2566cd137fa7f8c69036e6824ac3dc2bf7d50198742c5e

  • SHA512

    31134d969562b5a8f569d0fa8fd660c8f0e0183c9450dfed97fd6282d5b96a35abc47ada8c4bb29dd9e05eabed402838e9d12e2deff5790755861ec464a13cdb

Score
10/10
lokibotcollectionspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gf21/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      b42dbca35ee7fb914d2566cd137fa7f8c69036e6824ac3dc2bf7d50198742c5e.exe

    • Size

      855KB

    • MD5

      0eb3390bac4066e5714f9f334ce1b573

    • SHA1

      284cd714b259d872a952666b0ddc5e81eeca10f3

    • SHA256

      b42dbca35ee7fb914d2566cd137fa7f8c69036e6824ac3dc2bf7d50198742c5e

    • SHA512

      31134d969562b5a8f569d0fa8fd660c8f0e0183c9450dfed97fd6282d5b96a35abc47ada8c4bb29dd9e05eabed402838e9d12e2deff5790755861ec464a13cdb

    Score
    10/10
    lokibotcollectionspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot Fake 404 Response

      suricata: ET MALWARE LokiBot Fake 404 Response

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks