Overview

overview

10

Static

static

Εντολ...20.exe

windows7_x64

10

Εντολ...20.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    62d95203521d0e0de13d4b70689b9ad5152eb31af21dcdc773a79be962664f5a

  • Size

    233KB

  • Sample

    220521-pwybkagah6

  • MD5

    038ffea38159f39316e08761683fbf86

  • SHA1

    e09796baeb1c164ed6b55f8c9872623e3467fcae

  • SHA256

    62d95203521d0e0de13d4b70689b9ad5152eb31af21dcdc773a79be962664f5a

  • SHA512

    50a93321140550c85128be3b99b154b2fa848e819b0f9eac09a2b36ba2778f673f8cf92d57c3da9f8dc56d50a9464f1325b67d3e9eec1145ddd4aef81b92b8c2

Score
10/10
lokibotcollectionrezer0spywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://clemglobal.com/server/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Εντολή αγοράς 87985614 με ημερομηνία 06222020.exe

    • Size

      598KB

    • MD5

      f92ececb3b909c2158eaa33b2bbc0be0

    • SHA1

      42abf8fcfcfc88960063dca12b91fb95896a1cf9

    • SHA256

      033bf801cc1629f11843d56abc90a50768946cc207e0bdfb6d268ec073bf2a78

    • SHA512

      b150fdd247e16b82cf06b3bc3f398be443a8e4a69699cec18055551b76fd00bf2432142eb34fa01db8e33ffee970b2e98f808be83ee953b270836c987c2af19b

    Score
    10/10
    lokibotcollectionrezer0spywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • ReZer0 packer

      Detects ReZer0, a packer with multiple versions used in various campaigns.

      rezer0

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks