Overview

overview

10

Static

static

8437891221...15.exe

windows7-x64

10

8437891221...15.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    84378912213bcf0d13d8a60344b1c0452b0f25be6a267bf594f620760c6c0915

  • Size

    1.4MB

  • Sample

    221125-k2nl4afb77

  • MD5

    11581e56cfd606532847fea32f75b1cc

  • SHA1

    ec4ea02f0919431a1917f752b6c189731eabcbb7

  • SHA256

    84378912213bcf0d13d8a60344b1c0452b0f25be6a267bf594f620760c6c0915

  • SHA512

    23f2b550697c31575aa43dd88ea4533f7daccf06daba33d12ecb04c3b588a6ebaba61fbe564906b98daf5a2c9d60c77e8d321d6470c53867a0d44e2dd69d4e4d

  • SSDEEP

    12288:iYY9egseAKtheRIY5Set8P6Bdv+DV0kEZMnGEg1QIesyd5+Q2Q1dx9IeLDrfRAaQ:FeL/r26mcuy

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://becharnise.ir/fa5/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      84378912213bcf0d13d8a60344b1c0452b0f25be6a267bf594f620760c6c0915

    • Size

      1.4MB

    • MD5

      11581e56cfd606532847fea32f75b1cc

    • SHA1

      ec4ea02f0919431a1917f752b6c189731eabcbb7

    • SHA256

      84378912213bcf0d13d8a60344b1c0452b0f25be6a267bf594f620760c6c0915

    • SHA512

      23f2b550697c31575aa43dd88ea4533f7daccf06daba33d12ecb04c3b588a6ebaba61fbe564906b98daf5a2c9d60c77e8d321d6470c53867a0d44e2dd69d4e4d

    • SSDEEP

      12288:iYY9egseAKtheRIY5Set8P6Bdv+DV0kEZMnGEg1QIesyd5+Q2Q1dx9IeLDrfRAaQ:FeL/r26mcuy

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks