Overview

overview

10

Static

static

69aa032feb...78.exe

windows7-x64

10

69aa032feb...78.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    69aa032feb31ac2f4be69daedbbaa778.exe

  • Size

    841KB

  • Sample

    221010-r3514acddr

  • MD5

    69aa032feb31ac2f4be69daedbbaa778

  • SHA1

    e8be338027012eb25d4ef173c11833f6a22f34a0

  • SHA256

    27a76f7fb0fa5630adad494016a95d53607d0e3f2a3ba98e62ed7d98aad7d882

  • SHA512

    f6305e33996d6a7fbe6f2f220e60f05efeb0d596c9f69ef8e30a6f0d15548a78001fd22e72c391de066b17ec37d91746e2561dc6db00cf97a02e67a0d25a675c

  • SSDEEP

    12288:kqROTapF0KhRQv16ZrAhK4SDEPW0WFvqyzDJ2u:k+yapedyDoWFFI

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.162/smart/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      69aa032feb31ac2f4be69daedbbaa778.exe

    • Size

      841KB

    • MD5

      69aa032feb31ac2f4be69daedbbaa778

    • SHA1

      e8be338027012eb25d4ef173c11833f6a22f34a0

    • SHA256

      27a76f7fb0fa5630adad494016a95d53607d0e3f2a3ba98e62ed7d98aad7d882

    • SHA512

      f6305e33996d6a7fbe6f2f220e60f05efeb0d596c9f69ef8e30a6f0d15548a78001fd22e72c391de066b17ec37d91746e2561dc6db00cf97a02e67a0d25a675c

    • SSDEEP

      12288:kqROTapF0KhRQv16ZrAhK4SDEPW0WFvqyzDJ2u:k+yapedyDoWFFI

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks