Overview

overview

10

Static

static

tmp.exe

windows7-x64

1

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    773KB

  • Sample

    230110-z1185add9s

  • MD5

    fca935bde375b17d37077ac03802f2ba

  • SHA1

    54e5b8bdb6e58122352d0fd3f0ad685c9c2ff9da

  • SHA256

    cdee68b70f34df596e447d686309f1eab16cba8cbfb281cff076fe434e92873d

  • SHA512

    b6a5eeedc30e906b720e74bf1af9d1532c89cb0162a473551712136cb67403654c42fa6f590eafaa865e1b61669e4ff9c00b15b2e22482c38f0014f165c524b5

  • SSDEEP

    24576:zgh/Ss5nyyx+NxEyazc9lF/2B5gbfVO+t4d+u:Mh/Ss5nyC+Nqyaz2eBKIq4

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/gk1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      tmp

    • Size

      773KB

    • MD5

      fca935bde375b17d37077ac03802f2ba

    • SHA1

      54e5b8bdb6e58122352d0fd3f0ad685c9c2ff9da

    • SHA256

      cdee68b70f34df596e447d686309f1eab16cba8cbfb281cff076fe434e92873d

    • SHA512

      b6a5eeedc30e906b720e74bf1af9d1532c89cb0162a473551712136cb67403654c42fa6f590eafaa865e1b61669e4ff9c00b15b2e22482c38f0014f165c524b5

    • SSDEEP

      24576:zgh/Ss5nyyx+NxEyazc9lF/2B5gbfVO+t4d+u:Mh/Ss5nyC+Nqyaz2eBKIq4

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks