Overview

overview

10

Static

static

2f5eecb848...b2.exe

windows7-x64

10

2f5eecb848...b2.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2f5eecb848a4c1b8104ba8b4268903b2.exe

  • Size

    606KB

  • Sample

    221125-jjn98sbf38

  • MD5

    2f5eecb848a4c1b8104ba8b4268903b2

  • SHA1

    4f34c7da23557cc510bf348f6f6d2e1ae0a4f14c

  • SHA256

    bf75a62137b0ee47efed0ac115acc90259e78ffe5513c1c3893d7c8fb70beede

  • SHA512

    fb4656ef34a54f64aabccd00a00e324c57122d5ad37f4b9f6e9b84f43e643288d38a3aecdabd78e3385e026b432fc6064ea6466548006c09e047fe4f96a7e55f

  • SSDEEP

    12288:Mugh/PsZ1DX/VDJcqU1/OcHJ05P4cwkg0BlK7c7D2:Mugh/PDFvG+7kg0PK4

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.148/victor/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      2f5eecb848a4c1b8104ba8b4268903b2.exe

    • Size

      606KB

    • MD5

      2f5eecb848a4c1b8104ba8b4268903b2

    • SHA1

      4f34c7da23557cc510bf348f6f6d2e1ae0a4f14c

    • SHA256

      bf75a62137b0ee47efed0ac115acc90259e78ffe5513c1c3893d7c8fb70beede

    • SHA512

      fb4656ef34a54f64aabccd00a00e324c57122d5ad37f4b9f6e9b84f43e643288d38a3aecdabd78e3385e026b432fc6064ea6466548006c09e047fe4f96a7e55f

    • SSDEEP

      12288:Mugh/PsZ1DX/VDJcqU1/OcHJ05P4cwkg0BlK7c7D2:Mugh/PDFvG+7kg0PK4

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks