Overview

overview

10

Static

static

swift copy.xls

windows7-x64

10

swift copy.xls

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    swift copy.xls

  • Size

    1.0MB

  • Sample

    221125-hzzkgaab57

  • MD5

    b7a1c1235321ffac30bd93e68e6b05fa

  • SHA1

    d3465699ad750e86448ab9bfc7fa991ec11202f4

  • SHA256

    d8434c7afbabf1d54dc2552defb21ec3c084169b9ad9db801c230e5b1a512a8b

  • SHA512

    85c289e43c32f0ac1e68430d26d2540c4ffb18a4d01efff2c31a6a3b0584be09bfb6a0f315c0bf501d38ba4afe167e60afe92f0ef586822e70a83c562d1610fb

  • SSDEEP

    24576:pr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXYmRr5XXXXXXXXXXXXUXXXXXXXSXXXXXj:nWyd

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gm13/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      swift copy.xls

    • Size

      1.0MB

    • MD5

      b7a1c1235321ffac30bd93e68e6b05fa

    • SHA1

      d3465699ad750e86448ab9bfc7fa991ec11202f4

    • SHA256

      d8434c7afbabf1d54dc2552defb21ec3c084169b9ad9db801c230e5b1a512a8b

    • SHA512

      85c289e43c32f0ac1e68430d26d2540c4ffb18a4d01efff2c31a6a3b0584be09bfb6a0f315c0bf501d38ba4afe167e60afe92f0ef586822e70a83c562d1610fb

    • SSDEEP

      24576:pr5XXXXXXXXXXXXUXXXXXXXSXXXXXXXXYmRr5XXXXXXXXXXXXUXXXXXXXSXXXXXj:nWyd

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks