General

  • Target

    1d11abd89729dd1cbd64e52496bb76d942b082ae3ab34bb548fce18efefd8d72

  • Size

    268KB

  • Sample

    220701-hsqnzsaeg8

  • MD5

    6a4e1ce5ab0776a62ed2f5919ada8fbf

  • SHA1

    70425753944339a629a930840ebddbc91e590d1d

  • SHA256

    1d11abd89729dd1cbd64e52496bb76d942b082ae3ab34bb548fce18efefd8d72

  • SHA512

    a25b689b894a32d1b9a271ac83f38f419ef3965b27d7d72a138bfdc5ef940c9683d1f1f8c4fadbee10017fb34732be8c83cca2fbd80cf7f244e672c9673be1f8

Malware Config

Extracted

Family

lokibot

C2

http://castmart.ga/~zadmin/lmark/aps/link.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v6

Tasks