Overview

overview

10

Static

static

vbc (3).exe

windows7_x64

10

vbc (3).exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vbc (3).exe1

  • Size

    207KB

  • Sample

    220707-q2ypysagf7

  • MD5

    54d3dc12ffff12444459dfc1b0d2e606

  • SHA1

    a08c50f88b078f76852fd155a5cdaa585094ba19

  • SHA256

    12bfe03fcc675f4ecacd4791a5b70aa6b48a2d847cb38c59acf6582c9c4a8f08

  • SHA512

    bd417771f74be5e613dc4a50f58e83869d4cce5a47ea400bb5f9b2d94fab9522f9a77cad6531d6131b2fe91ad9da5d3499517ee33c44b439054ef4c6d8d483e0

Score
10/10
lokibotcollectionspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://hyatqfuh9olahvxf.ga/BN1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      vbc (3).exe1

    • Size

      207KB

    • MD5

      54d3dc12ffff12444459dfc1b0d2e606

    • SHA1

      a08c50f88b078f76852fd155a5cdaa585094ba19

    • SHA256

      12bfe03fcc675f4ecacd4791a5b70aa6b48a2d847cb38c59acf6582c9c4a8f08

    • SHA512

      bd417771f74be5e613dc4a50f58e83869d4cce5a47ea400bb5f9b2d94fab9522f9a77cad6531d6131b2fe91ad9da5d3499517ee33c44b439054ef4c6d8d483e0

    Score
    10/10
    lokibotcollectionspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

      suricata

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot Fake 404 Response

      suricata: ET MALWARE LokiBot Fake 404 Response

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

      suricata

    • suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks