Overview

overview

10

Static

static

SecuriteIn...41.exe

windows7-x64

10

SecuriteIn...41.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.7894.18041.exe

  • Size

    271KB

  • Sample

    221129-mm81laea3x

  • MD5

    94eee2b3f0cdd96443ce5b40fdfbb478

  • SHA1

    a3e3f0c0667b69f8df853cb8d81b4beb7cdf4b0c

  • SHA256

    3b035fe66db6dd547d83303dad5af3f830ad102703324606c09e0e17076495d6

  • SHA512

    eb65979eb2106ec14cc4cb1b33291166dd77046ecb9b0733758d50fbf9046381c52c96c4276fead52c85b450e2afa1fbf101f33804022ca59497270f565ffe5c

  • SSDEEP

    6144:yswLlfy4t93basZbuG3qpUgo9CGjk6yllL:eJfvP3basL3soFjjQd

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.164/mous/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.7894.18041.exe

    • Size

      271KB

    • MD5

      94eee2b3f0cdd96443ce5b40fdfbb478

    • SHA1

      a3e3f0c0667b69f8df853cb8d81b4beb7cdf4b0c

    • SHA256

      3b035fe66db6dd547d83303dad5af3f830ad102703324606c09e0e17076495d6

    • SHA512

      eb65979eb2106ec14cc4cb1b33291166dd77046ecb9b0733758d50fbf9046381c52c96c4276fead52c85b450e2afa1fbf101f33804022ca59497270f565ffe5c

    • SSDEEP

      6144:yswLlfy4t93basZbuG3qpUgo9CGjk6yllL:eJfvP3basL3soFjjQd

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks