Overview

overview

10

Static

static

2175d9acfb...7e.exe

windows7_x64

10

2175d9acfb...7e.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2175d9acfb00790f1169c87ee52591317e3a2f2a63b3931ca863c2462962bc7e.exe

  • Size

    585KB

  • Sample

    220521-yhx83sdab6

  • MD5

    81735a1c5330f00fc83ed54396f551b5

  • SHA1

    1fd5bc1439e40c8b590416ac3a13561b9969a805

  • SHA256

    2175d9acfb00790f1169c87ee52591317e3a2f2a63b3931ca863c2462962bc7e

  • SHA512

    91fb4c303b2fcc0f2850b38dc47ee956c525ad419d736b5155da3002ffbf7df8fa06be48041e136df406ce26d8b3585df92f4c83027680a734bb1e3bf6e53875

Score
10/10
lokibotcollectionspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://198.187.30.47/p.php?id=7124741524802130

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      2175d9acfb00790f1169c87ee52591317e3a2f2a63b3931ca863c2462962bc7e.exe

    • Size

      585KB

    • MD5

      81735a1c5330f00fc83ed54396f551b5

    • SHA1

      1fd5bc1439e40c8b590416ac3a13561b9969a805

    • SHA256

      2175d9acfb00790f1169c87ee52591317e3a2f2a63b3931ca863c2462962bc7e

    • SHA512

      91fb4c303b2fcc0f2850b38dc47ee956c525ad419d736b5155da3002ffbf7df8fa06be48041e136df406ce26d8b3585df92f4c83027680a734bb1e3bf6e53875

    Score
    10/10
    lokibotcollectionspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks