Overview

overview

10

Static

static

fbfff6bcad...le.zip

windows7-x64

1

fbfff6bcad...le.zip

windows10-2004-x64

1

Product Inquiry.exe

windows7-x64

10

Product Inquiry.exe

windows10-2004-x64

10

Resubmissions

28-09-2022 11:40

220928-ns1f3sfga3 10

28-09-2022 11:38

220928-nrwfqsgham 10

20-09-2022 18:29

220920-w4ww2aebe7 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    fbfff6bcad01af250db49a1c8eae44a9-sample.zip

  • Size

    503KB

  • Sample

    220928-ns1f3sfga3

  • MD5

    b20805db63f19da1656c79c0bb273954

  • SHA1

    d6f56a58dd80bfe42dcac8fb274c44ae90dd5567

  • SHA256

    abd7e51d52da6b1e70a77a71be712b2b8ff73030401850f39979841c9233d7a2

  • SHA512

    9dfd7e3163ee0e15a97739056f0863483bd8b8e277256ec756f4a8bb5d8f15183ccea27221afeacd6bf23f69e2593cf19d63ea4964a130cf7408720c8b1e327c

  • SSDEEP

    12288:8JJZCP3EGE4pM4xoPkotKCOBLRKIJ5E8kFfaZif5g1fiNI/u5yCvuVvRC:8cP3EerbbFRHJ639sF13CvWA

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://162.0.223.13/?loop

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      fbfff6bcad01af250db49a1c8eae44a9-sample.zip

    • Size

      503KB

    • MD5

      b20805db63f19da1656c79c0bb273954

    • SHA1

      d6f56a58dd80bfe42dcac8fb274c44ae90dd5567

    • SHA256

      abd7e51d52da6b1e70a77a71be712b2b8ff73030401850f39979841c9233d7a2

    • SHA512

      9dfd7e3163ee0e15a97739056f0863483bd8b8e277256ec756f4a8bb5d8f15183ccea27221afeacd6bf23f69e2593cf19d63ea4964a130cf7408720c8b1e327c

    • SSDEEP

      12288:8JJZCP3EGE4pM4xoPkotKCOBLRKIJ5E8kFfaZif5g1fiNI/u5yCvuVvRC:8cP3EerbbFRHJ639sF13CvWA

    Score
    1/10
    behavioral1behavioral2

    • Target

      Product Inquiry.exe

    • Size

      739KB

    • MD5

      e39415e5d17d41a78225c01891aa22f2

    • SHA1

      8904aad72fd51eb5562d778d146fd0b103e3b38e

    • SHA256

      77c100c1960321c3fa9be5157fb9f9e21d9c0ab60d1106df819e431516462ce4

    • SHA512

      763c25df84b349ca9fac593adc242bb47e1daa18e87e01e986a6680acca2eec85b9de05939493842945bf9c4693d156e71fd843b4501a36eaf99929a95134cef

    • SSDEEP

      12288:IfGMXIWX76Gbs4AobUmYBEmYHgYRFVNJw2Ma1ryxG:IfGbI7pq3EnxW9apyxG

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral3behavioral4

MITRE ATT&CK Enterprise v6

Tasks