Overview

overview

10

Static

static

8c4eb8b13e...54.exe

windows7-x64

10

8c4eb8b13e...54.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8c4eb8b13e5ad846d34febd40236f754.exe

  • Size

    779KB

  • Sample

    221005-sx2bdsega9

  • MD5

    8c4eb8b13e5ad846d34febd40236f754

  • SHA1

    71029ab778091b627e45de13bd012b868a1dbf13

  • SHA256

    828f922f8df83f0a227eab28dfd098eda156d5c286c65cbdf317c97066db3975

  • SHA512

    eccff18f0a4f150ca5b70e7331fe598ad859ff65b58cb65525aa1a4c7ec9200ab1e6bf4701db22e7ccbd35f13fc193380fa05fbfaf02e249f0603414d3074de8

  • SSDEEP

    12288:jR/4ve7HkJMJaVHVqKX0KY4sGhGPuapeMb0m1scxNEQt0O:V4ve7Hw2anqKX0KXEPneMbXscxNt0

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.162/smart/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      8c4eb8b13e5ad846d34febd40236f754.exe

    • Size

      779KB

    • MD5

      8c4eb8b13e5ad846d34febd40236f754

    • SHA1

      71029ab778091b627e45de13bd012b868a1dbf13

    • SHA256

      828f922f8df83f0a227eab28dfd098eda156d5c286c65cbdf317c97066db3975

    • SHA512

      eccff18f0a4f150ca5b70e7331fe598ad859ff65b58cb65525aa1a4c7ec9200ab1e6bf4701db22e7ccbd35f13fc193380fa05fbfaf02e249f0603414d3074de8

    • SSDEEP

      12288:jR/4ve7HkJMJaVHVqKX0KY4sGhGPuapeMb0m1scxNEQt0O:V4ve7Hw2anqKX0KXEPneMbXscxNt0

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks