Overview

overview

10

Static

static

Bankslip_C...df.exe

windows7-x64

10

Bankslip_C...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Bankslip_Copy_Scan0041_pdf.exe

  • Size

    1021KB

  • Sample

    220910-jqyr9ahge4

  • MD5

    b78cba6d996cd674a134a583d7992365

  • SHA1

    cfaba1ac4b691745000948e892c668b8d4dd9431

  • SHA256

    1ff1d5a4141701b4e7fb203e2fae16d262a1a5a7f66dcf75597ca9bec9d69211

  • SHA512

    015225daaa7e7dce79a9f8be1d897809433f3ae968001ad0ffa11d700e21033a91a175ae9390eea394247186be9f2c15d349363bb807ed1a96e2272edd0be6ae

  • SSDEEP

    24576:zL4LJ/zUbcrrB2LRi4HFCfek5TknGenRS4:ALJ/LB2LRDH0Thi3

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gj23/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Bankslip_Copy_Scan0041_pdf.exe

    • Size

      1021KB

    • MD5

      b78cba6d996cd674a134a583d7992365

    • SHA1

      cfaba1ac4b691745000948e892c668b8d4dd9431

    • SHA256

      1ff1d5a4141701b4e7fb203e2fae16d262a1a5a7f66dcf75597ca9bec9d69211

    • SHA512

      015225daaa7e7dce79a9f8be1d897809433f3ae968001ad0ffa11d700e21033a91a175ae9390eea394247186be9f2c15d349363bb807ed1a96e2272edd0be6ae

    • SSDEEP

      24576:zL4LJ/zUbcrrB2LRi4HFCfek5TknGenRS4:ALJ/LB2LRDH0Thi3

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks