Overview

overview

10

Static

static

Swift Copy.exe

windows7-x64

10

Swift Copy.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift Copy.exe

  • Size

    698KB

  • Sample

    220929-f9fh8sahhl

  • MD5

    0a99061b72976690d691965f3f769029

  • SHA1

    0f18e36ba4f9c237a581d84b1c432e057bdbf640

  • SHA256

    22ec78245f539dccb24499087dc288cc5f32a12c1871bc4b098896566439706a

  • SHA512

    b9b8c21b492dd21ae2e8be13825e7a6b56d6cb36fff53070f27d0710515cce2693d19234152c0931971fd43af4688aab04363e5fdd24397d16bc8fec8bdcf23c

  • SSDEEP

    6144:EfeWkoOdCpoajJRvwDVkwZdLLQJdWoLiA0Z1GGoxaKbHk4IxlY3/6UP453hrKLhX:9iAtdLUXOTZEEKbERs3iUP45RrucP

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gk18/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Swift Copy.exe

    • Size

      698KB

    • MD5

      0a99061b72976690d691965f3f769029

    • SHA1

      0f18e36ba4f9c237a581d84b1c432e057bdbf640

    • SHA256

      22ec78245f539dccb24499087dc288cc5f32a12c1871bc4b098896566439706a

    • SHA512

      b9b8c21b492dd21ae2e8be13825e7a6b56d6cb36fff53070f27d0710515cce2693d19234152c0931971fd43af4688aab04363e5fdd24397d16bc8fec8bdcf23c

    • SSDEEP

      6144:EfeWkoOdCpoajJRvwDVkwZdLLQJdWoLiA0Z1GGoxaKbHk4IxlY3/6UP453hrKLhX:9iAtdLUXOTZEEKbERs3iUP45RrucP

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks