Overview

overview

10

Static

static

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    892KB

  • Sample

    230113-h3j9ysah3s

  • MD5

    5c72298e5af94875ccb602c95a21fbf1

  • SHA1

    ef58f09b6ed8e3c22660587c004068b6c0133a96

  • SHA256

    598f5fd81b120f42e8b453a4b23e47c5b1299fb362144c5b84b0afc0228022fd

  • SHA512

    3764495622b587877f9bcc129a018c3b1615fe0fada626c592955dde5ffe49b6d355da656be2afc0b9183aeb0594f9f0b3a77b89d083bf8803a886deb1680502

  • SSDEEP

    12288:TC7Y/2dZQ97Vzgh/R20BeGJwqI5LGKmi9+4X3GEVOyioJi9u2XyDRRS8f:TC7Rabzgh/R20BqeIRdcNy1RSw

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.148/fresh2/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      tmp

    • Size

      892KB

    • MD5

      5c72298e5af94875ccb602c95a21fbf1

    • SHA1

      ef58f09b6ed8e3c22660587c004068b6c0133a96

    • SHA256

      598f5fd81b120f42e8b453a4b23e47c5b1299fb362144c5b84b0afc0228022fd

    • SHA512

      3764495622b587877f9bcc129a018c3b1615fe0fada626c592955dde5ffe49b6d355da656be2afc0b9183aeb0594f9f0b3a77b89d083bf8803a886deb1680502

    • SSDEEP

      12288:TC7Y/2dZQ97Vzgh/R20BeGJwqI5LGKmi9+4X3GEVOyioJi9u2XyDRRS8f:TC7Rabzgh/R20BqeIRdcNy1RSw

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks