Overview

overview

10

Static

static

44b7c58282...39.exe

windows7_x64

10

44b7c58282...39.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    44b7c582820e20a915798796353858a74d81d49309b8f643866e6001fb271439

  • Size

    1.2MB

  • Sample

    220707-w2f3ssgff3

  • MD5

    b003ed75933bd5e39203e6da8aa0ab00

  • SHA1

    237aae1d7c13c62469620f5840e832659c043d5e

  • SHA256

    44b7c582820e20a915798796353858a74d81d49309b8f643866e6001fb271439

  • SHA512

    a2075fa4670ba9138572b9de380b3aac8944e790e36dc60e524c4354aaa174dc2291ea52fa3cc882d731b6c1bdffbd2d014deece8ef1b07a54d92c713012e9a4

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://getupandcboz.com/amb/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      44b7c582820e20a915798796353858a74d81d49309b8f643866e6001fb271439

    • Size

      1.2MB

    • MD5

      b003ed75933bd5e39203e6da8aa0ab00

    • SHA1

      237aae1d7c13c62469620f5840e832659c043d5e

    • SHA256

      44b7c582820e20a915798796353858a74d81d49309b8f643866e6001fb271439

    • SHA512

      a2075fa4670ba9138572b9de380b3aac8944e790e36dc60e524c4354aaa174dc2291ea52fa3cc882d731b6c1bdffbd2d014deece8ef1b07a54d92c713012e9a4

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks