Overview

overview

10

Static

static

3e5d069f7e...3d.exe

windows7_x64

10

3e5d069f7e...3d.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    3e5d069f7e0b5c6d057eb69e03da0b706b653ee934cc5a8d8958f40f190cd43d

  • Size

    952KB

  • Sample

    220701-jhv2dsacfn

  • MD5

    ae68b9dffe84e8366dc9a9e666e9b5a4

  • SHA1

    ae1a62a71c972267212357a00747d36dd4da260d

  • SHA256

    3e5d069f7e0b5c6d057eb69e03da0b706b653ee934cc5a8d8958f40f190cd43d

  • SHA512

    b27fe4bf1e882a1e6f5bbe7e7eb1e8227f4de1a41959a7f29da766a3853f327c4213022d7052f32ff0b577856efd066abf6ce6042d612b1cf78276db8f9d8555

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://www.macniica.com/bazziniltd/amadi/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      3e5d069f7e0b5c6d057eb69e03da0b706b653ee934cc5a8d8958f40f190cd43d

    • Size

      952KB

    • MD5

      ae68b9dffe84e8366dc9a9e666e9b5a4

    • SHA1

      ae1a62a71c972267212357a00747d36dd4da260d

    • SHA256

      3e5d069f7e0b5c6d057eb69e03da0b706b653ee934cc5a8d8958f40f190cd43d

    • SHA512

      b27fe4bf1e882a1e6f5bbe7e7eb1e8227f4de1a41959a7f29da766a3853f327c4213022d7052f32ff0b577856efd066abf6ce6042d612b1cf78276db8f9d8555

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks