Overview

overview

10

Static

static

DHL_AWB_NO...11.exe

windows7-x64

10

DHL_AWB_NO...11.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    DHL_AWB_NO_#907853880911.exe

  • Size

    968KB

  • Sample

    220913-g7rddsaffl

  • MD5

    ebed8de2a8d521b8bbcf66929a7b5765

  • SHA1

    8b2e09cf7790588524bcef74e29eafcc27975acb

  • SHA256

    bb4368d66e26c46c045239d8da5512a263700f092703ff7fe99a159236c870fc

  • SHA512

    e88cce993a8031ec2e232b5f85f3b36ffb50a3d0f6288096b1a752f331402a65755319c9fd854ffb654d2c521758c6a182b51a0c1deb18bf0915a37925aa6f83

  • SSDEEP

    24576:8dNH1IqoS7ZRNMNSm2zgsWVAuNQzXiSIBtdN41p:8TvoeOKcs23WABtM

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gk12/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      DHL_AWB_NO_#907853880911.exe

    • Size

      968KB

    • MD5

      ebed8de2a8d521b8bbcf66929a7b5765

    • SHA1

      8b2e09cf7790588524bcef74e29eafcc27975acb

    • SHA256

      bb4368d66e26c46c045239d8da5512a263700f092703ff7fe99a159236c870fc

    • SHA512

      e88cce993a8031ec2e232b5f85f3b36ffb50a3d0f6288096b1a752f331402a65755319c9fd854ffb654d2c521758c6a182b51a0c1deb18bf0915a37925aa6f83

    • SSDEEP

      24576:8dNH1IqoS7ZRNMNSm2zgsWVAuNQzXiSIBtdN41p:8TvoeOKcs23WABtM

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks