General

  • Target

    f5c312f22d032b0ca6dba954815dd917765784c0a0c15569e96d4876bfd66e52

  • Size

    148KB

  • Sample

    220521-xl2j8sfcgp

  • MD5

    2c7e1d3c7f901b9ee4a4eb47db8cf32a

  • SHA1

    86ec7cfe51e1cffa1d22a67de8e5b1439d48dcb5

  • SHA256

    f5c312f22d032b0ca6dba954815dd917765784c0a0c15569e96d4876bfd66e52

  • SHA512

    5da7a9cd4359bdb9108b5646d53044d0e22a2f2dc9ce53cb4981c88e78e9df0caa7eb8f435193485191fc1380f6ee4ecce3148aa007da23d8f6d096108aed22c

Malware Config

Extracted

Family

lokibot

C2

http://broken6.cf/L3/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      UySfcAwQvKRAxLa.exe

    • Size

      198KB

    • MD5

      98661e5984ad7409b1652fa45267dc9c

    • SHA1

      2369d074a8f5045166cfbf7e20ddcde5647df1e0

    • SHA256

      f94e8615fb3b739ab3ad8ec81511b5439a72d4e865a5f9975aa524ac6036d3c2

    • SHA512

      5875e0da29f6f5ab4ed7c6f6dfca1979c41413b97937227b8087d9503cbf19b0183a912a85b9995148d5968850527a7f5ba1e09dfdc09f965c97cc5e8c2b8eb0

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely a geofence check before the payload runs.

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials, cookies and autofill data.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data, where stored mail account settings and credentials live.

    • Suspicious use of SetThreadContext

      SetThreadContext is commonly used to redirect a thread into injected code (process hollowing or thread hijacking); the extracted UySfcAwQvKRAxLa.exe is the payload that runs after injection, not the 148KB file that was submitted.
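
The indicators above (the C2 URLs in the extracted config and the hashes of both the submitted target and the extracted UySfcAwQvKRAxLa.exe) are only useful once they are loaded into something that matches. The following is an added example, not part of the original sandbox report: it validates the report's hashes before they go into a blocklist, hashes a file and looks it up, and scans proxy log lines for the C2 hosts. The log lines are constructed for illustration; the "/fre.php" path heuristic is an assumption drawn from the fact that all five listed C2 URLs end that way, and it is deliberately reported at lower confidence than an exact host match.

```python
import hashlib
import re
from urllib.parse import urlparse

# C2 URLs exactly as listed in the report's extracted Lokibot config
C2_URLS = [
    "http://broken6.cf/L3/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Hashes copied from the report: the submitted target and the extracted payload
REPORT_HASHES = {
    "target": {
        "md5": "2c7e1d3c7f901b9ee4a4eb47db8cf32a",
        "sha1": "86ec7cfe51e1cffa1d22a67de8e5b1439d48dcb5",
        "sha256": "f5c312f22d032b0ca6dba954815dd917765784c0a0c15569e96d4876bfd66e52",
        "sha512": "5da7a9cd4359bdb9108b5646d53044d0e22a2f2dc9ce53cb4981c88e78e9df0c"
                  "aa7eb8f435193485191fc1380f6ee4ecce3148aa007da23d8f6d096108aed22c",
    },
    "UySfcAwQvKRAxLa.exe": {
        "md5": "98661e5984ad7409b1652fa45267dc9c",
        "sha1": "2369d074a8f5045166cfbf7e20ddcde5647df1e0",
        "sha256": "f94e8615fb3b739ab3ad8ec81511b5439a72d4e865a5f9975aa524ac6036d3c2",
        "sha512": "5875e0da29f6f5ab4ed7c6f6dfca1979c41413b97937227b8087d9503cbf19b0"
                  "183a912a85b9995148d5968850527a7f5ba1e09dfdc09f965c97cc5e8c2b8eb0",
    },
}

HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}


def validate_hashes(hashes=REPORT_HASHES):
    """Return (name, algo) pairs whose value is not lowercase hex of the
    length that algorithm produces. Run this before loading any IOC feed:
    a truncated or mis-pasted hash silently never matches anything."""
    bad = []
    for name, per_algo in hashes.items():
        for algo, value in per_algo.items():
            if len(value) != HEX_LEN[algo] or not re.fullmatch(r"[0-9a-f]+", value):
                bad.append((name, algo))
    return bad


def lookup_file(data, hashes=REPORT_HASHES):
    """Hash file bytes and return the report entry they match, else None."""
    sha256 = hashlib.sha256(data).hexdigest()
    for name, per_algo in hashes.items():
        if per_algo["sha256"] == sha256:
            return name
    return None


def c2_hosts(urls=C2_URLS):
    """Hostnames from the configured C2 URLs, lowercased for matching."""
    return {urlparse(u).hostname.lower() for u in urls}


# Constructed proxy log for the example: timestamp client method url status
SAMPLE_PROXY_LOG = """\
2022-05-21T09:12:01Z 10.0.0.15 GET http://example.org/index.html 200
2022-05-21T09:12:07Z 10.0.0.15 POST http://alphastand.trade/alien/fre.php 404
2022-05-21T09:12:09Z 10.0.0.22 POST http://cdn.alphastand.win/alien/fre.php 200
2022-05-21T09:13:30Z 10.0.0.31 POST http://other.example/panel/fre.php 200
"""

LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d{3})$")


def scan_proxy_log(text, urls=C2_URLS):
    """Return (client, url, reason) for each line that touches a C2 host
    (exact or subdomain match) or, at lower confidence, a /fre.php path.
    The HTTP status is ignored on purpose: a 404 from a dead C2 domain still
    means the client tried to beacon."""
    hosts = c2_hosts(urls)
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not fit the constructed format
        _ts, client, _method, url, _status = m.groups()
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if host in hosts or any(host.endswith("." + h) for h in hosts):
            hits.append((client, url, "c2-host"))
        elif parsed.path.endswith("/fre.php"):
            # Assumed heuristic: every C2 URL in the config ends in /fre.php
            hits.append((client, url, "lokibot-path-heuristic"))
    return hits


if __name__ == "__main__":
    print("malformed hashes:", validate_hashes())
    for hit in scan_proxy_log(SAMPLE_PROXY_LOG):
        print(*hit)
```

Feed real proxy or web-server logs into `scan_proxy_log` after adapting `LOG_RE` to their format; the subdomain match matters because C2 operators routinely rotate hostnames under the same registered domain, while the path heuristic should be treated as a lead to triage rather than a block-on-sight rule.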

MITRE ATT&CK Matrix (ATT&CK v6)

  Tactic                 Technique                          Count  ID

  Execution              Scheduled Task                     1      T1053
  Persistence            Scheduled Task                     1      T1053
  Privilege Escalation   Scheduled Task                     1      T1053
  Credential Access      Credentials in Files               1      T1081
  Discovery              Query Registry                     1      T1012
                         System Information Discovery       2      T1082
  Collection             Data from Local System             1      T1005
                         Email Collection                   1      T1114

  Scheduled Task appears under three tactics because ATT&CK v6 lists T1053 for each of them. The IDs are v6 IDs: in current ATT&CK, T1081 has been retired in favour of T1552.001 (Unsecured Credentials: Credentials In Files) and T1053 is a parent technique with Scheduled Task as sub-technique T1053.005, so map them before comparing with newer reports.
