General

  • Target: AWB 876509873456.ace
  • Size: 526KB
  • Sample: 221006-jw468agff4
  • MD5: 4282239c803922eebe366dff5d94a7fb
  • SHA1: 033d66d35b1388195ca02d2989735ef3c624fb59
  • SHA256: fa91bd71ccdae9330dcb6e4c8781747a4af458fe685b2cfe122be38bbc8b4d2a
  • SHA512: d98e15d50c6ec7cf84f155b9fe8329e67c24564f882e7d1f52e458680f2297a0fc5a146e825d2e162811f5a8e2576424944f050529331a996e9b59598a016fe5
  • SSDEEP: 12288:IJGDRl8At91DWrM21598x/C7S1sMTk9WZGzhmOsbFDbiRAJtv:Dlt91DW4AtSLIX+FDb/Jtv

Malware Config

Extracted

  • Family: lokibot
  • C2:
    http://162.0.223.13/?oTWpxPBp8jPKmiIpZe60rg2knpeKuIXTCTi9JUyRdoCzHlZGz5G
    http://kbfvzoboss.bid/alien/fre.php
    http://alphastand.trade/alien/fre.php
    http://alphastand.win/alien/fre.php
    http://alphastand.top/alien/fre.php

Targets

    • Target: AWB 876509873456.exe
    • Size: 864KB
    • MD5: 95447d9b7ba05236161f0cf16a613191
    • SHA1: b0e54f1573bd15b0782582496fc7c18292d3f1b1
    • SHA256: e46b29e73da9b6301763e29451926153ee4390538e3253b7b9db85f915be8f98
    • SHA512: 77b0ac92b76b886d13a12ee680d0d75139b98d8ceae34f2cc0af05fc2f4029ef458100cfc878fb9a95249dac999d88272883399fff35d1504c80d60d7eda546b
    • SSDEEP: 12288:GH5agfyR/4ve9/1X3TBfWTqlaAeUQzK0S8wyTR:QQ4ve9/1HVfoqlaQQzK0o8R

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks