Overview

overview

10

Static

static

5ae938385f...d3.exe

windows7-x64

10

5ae938385f...d3.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    5ae938385f833412626935ca2eaf4dd3.exe

  • Size

    694KB

  • Sample

    221103-lmma6abbem

  • MD5

    5ae938385f833412626935ca2eaf4dd3

  • SHA1

    a5cc23da589f253373292087df974cf4351a543f

  • SHA256

    93817bec58278b88fae815045d7b2705dcdc92dd78a776cc9232c3b6ddc97d78

  • SHA512

    50855e1cadba96f05a4612ae3d7eb61afa68444dcac14e07ee3ffc8381e91008e8271e9a327cc0170fe58b2b222a2241f245a9cccdfc6234b5a563f3e0fecbe7

  • SSDEEP

    12288:tnkejwFGfUzprSK+ofDMkStqv8DZMw+XM:/eGMlrSXdekU

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gl16/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      5ae938385f833412626935ca2eaf4dd3.exe

    • Size

      694KB

    • MD5

      5ae938385f833412626935ca2eaf4dd3

    • SHA1

      a5cc23da589f253373292087df974cf4351a543f

    • SHA256

      93817bec58278b88fae815045d7b2705dcdc92dd78a776cc9232c3b6ddc97d78

    • SHA512

      50855e1cadba96f05a4612ae3d7eb61afa68444dcac14e07ee3ffc8381e91008e8271e9a327cc0170fe58b2b222a2241f245a9cccdfc6234b5a563f3e0fecbe7

    • SSDEEP

      12288:tnkejwFGfUzprSK+ofDMkStqv8DZMw+XM:/eGMlrSXdekU

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks