Overview

overview

10

Static

static

763efe2f3b...95.exe

windows7-x64

10

763efe2f3b...95.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    763efe2f3b6c77dfd94b65ee75914295.exe

  • Size

    606KB

  • Sample

    221125-jjn98sbf39

  • MD5

    763efe2f3b6c77dfd94b65ee75914295

  • SHA1

    7869300bd6629b0eb677760e10d6faec99dfaf4d

  • SHA256

    48474203ae61c55adc1b79d747c7323900246cec6eec74354dee61e378b648ef

  • SHA512

    32cc6ab149fe99691208e85c44af4c0f50d1fd053b35106f0e1b2316ebc00ed3c89d685365f07e71419489a9c8e0b30a15a3b90e99ad0b836c7b52689fe71932

  • SSDEEP

    12288:mzU3Dgh/PsZ1DX/VDJat0FrpoMAPX/v2NcAlZLxhT0/:mEDgh/Px0sMAPX/mlLhTe

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.164/kelly/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      763efe2f3b6c77dfd94b65ee75914295.exe

    • Size

      606KB

    • MD5

      763efe2f3b6c77dfd94b65ee75914295

    • SHA1

      7869300bd6629b0eb677760e10d6faec99dfaf4d

    • SHA256

      48474203ae61c55adc1b79d747c7323900246cec6eec74354dee61e378b648ef

    • SHA512

      32cc6ab149fe99691208e85c44af4c0f50d1fd053b35106f0e1b2316ebc00ed3c89d685365f07e71419489a9c8e0b30a15a3b90e99ad0b836c7b52689fe71932

    • SSDEEP

      12288:mzU3Dgh/PsZ1DX/VDJat0FrpoMAPX/v2NcAlZLxhT0/:mEDgh/Px0sMAPX/mlLhTe

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks