Overview

overview

10

Static

static

44beb3fa7f...d8.exe

windows7_x64

10

44beb3fa7f...d8.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    44beb3fa7f259e84db61deeae974b8deea7d91772d78f21f8053ee66896e63d8

  • Size

    220KB

  • Sample

    220707-wyfymaged5

  • MD5

    6bbfca2a1cf9ae7e7f3ffe9ec1e4c4fc

  • SHA1

    b3bd05d25bb5f6e5bd1f7687fb8ddc988f05f913

  • SHA256

    44beb3fa7f259e84db61deeae974b8deea7d91772d78f21f8053ee66896e63d8

  • SHA512

    49678bb517e430686c7369d3378accc81a9de3f4f272a5cfec5f5cd1533be54f77940e359c1c4a076f71726e1058692ec3511f24ac72da59d97bde020186b3a4

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://kotiaseed.com/234/loki/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      44beb3fa7f259e84db61deeae974b8deea7d91772d78f21f8053ee66896e63d8

    • Size

      220KB

    • MD5

      6bbfca2a1cf9ae7e7f3ffe9ec1e4c4fc

    • SHA1

      b3bd05d25bb5f6e5bd1f7687fb8ddc988f05f913

    • SHA256

      44beb3fa7f259e84db61deeae974b8deea7d91772d78f21f8053ee66896e63d8

    • SHA512

      49678bb517e430686c7369d3378accc81a9de3f4f272a5cfec5f5cd1533be54f77940e359c1c4a076f71726e1058692ec3511f24ac72da59d97bde020186b3a4

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks