Overview

overview

10

Static

static

4383de80c7...16.exe

windows7_x64

10

4383de80c7...16.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4383de80c7bd78d1e35e3d5a0d92a8edf079362a6503894c9be4735a5bb21716

  • Size

    545KB

  • Sample

    220707-2ks9paehem

  • MD5

    3cad7ef8cd70c33e6e7e383301fbf4a1

  • SHA1

    c2d3575588b565b1406bcf6dcaeac7ca3ddebc00

  • SHA256

    4383de80c7bd78d1e35e3d5a0d92a8edf079362a6503894c9be4735a5bb21716

  • SHA512

    304dc5566ba0f81e3da65d0d2d7ecc842981c48180137fc6079cd0240955871b7eeb815e033574ecd96c813b42066de124193bc7aaa1351641ff9a2e04121444

Score
10/10
lokibotcollectionpersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://parkrosegroup.info/lewy/sun/ernest/solar/gem/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      4383de80c7bd78d1e35e3d5a0d92a8edf079362a6503894c9be4735a5bb21716

    • Size

      545KB

    • MD5

      3cad7ef8cd70c33e6e7e383301fbf4a1

    • SHA1

      c2d3575588b565b1406bcf6dcaeac7ca3ddebc00

    • SHA256

      4383de80c7bd78d1e35e3d5a0d92a8edf079362a6503894c9be4735a5bb21716

    • SHA512

      304dc5566ba0f81e3da65d0d2d7ecc842981c48180137fc6079cd0240955871b7eeb815e033574ecd96c813b42066de124193bc7aaa1351641ff9a2e04121444

    Score
    10/10
    lokibotcollectionpersistencespywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Adds Run key to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks