Overview

overview

10

Static

static

e83c7a2ed2...9e.exe

windows7_x64

10

e83c7a2ed2...9e.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e83c7a2ed2023c62b2a761a09ec482023a66e18a2fb104b1d829653f7ba8b59e

  • Size

    444KB

  • Sample

    220707-ntxrkshed5

  • MD5

    458485361f8283a3b84e7f086883048b

  • SHA1

    f49aa7c000a8f2027a638c5d776dd169e42fcb5b

  • SHA256

    e83c7a2ed2023c62b2a761a09ec482023a66e18a2fb104b1d829653f7ba8b59e

  • SHA512

    3ffa03cc1c11f2e786ee2ecbd48a6322d8593597d4c0f79905808dc6ecc805d38cb645fbb9bf0b996b9a18676cb833a649b06f28595e19af0f0821be533390d2

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://komputerowybank.pl/images/gini/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      e83c7a2ed2023c62b2a761a09ec482023a66e18a2fb104b1d829653f7ba8b59e

    • Size

      444KB

    • MD5

      458485361f8283a3b84e7f086883048b

    • SHA1

      f49aa7c000a8f2027a638c5d776dd169e42fcb5b

    • SHA256

      e83c7a2ed2023c62b2a761a09ec482023a66e18a2fb104b1d829653f7ba8b59e

    • SHA512

      3ffa03cc1c11f2e786ee2ecbd48a6322d8593597d4c0f79905808dc6ecc805d38cb645fbb9bf0b996b9a18676cb833a649b06f28595e19af0f0821be533390d2

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks