Overview

overview

10

Static

static

MV SUNICST...00.exe

windows7-x64

10

MV SUNICST...00.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MV SUNICSTARVSL0234100.exe

  • Size

    614KB

  • Sample

    230118-j548ksch69

  • MD5

    7882e3b7067f6a3697d909e6c497ddf1

  • SHA1

    96e6d081c33d080f98d23f1f9253e5cc8b03c0c2

  • SHA256

    c385c23b938ed45a8f5df078799725e38973684a1762c346ae1a92fc2bcad2f6

  • SHA512

    518f3f14add38ddb8200161152f4c599c41abd1d0cefa3a4b5b875edd1f98ebb08c6439c30fda0014150b1258fda404adb79f8f641228a60013e69a54c6e949f

  • SSDEEP

    12288:L54Ynu0b+NoexY/KpYEulnduzfFONTD8Tlj/:KY3+NNx8KpY9lndkEB8Tlj

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.164/prime1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      MV SUNICSTARVSL0234100.exe

    • Size

      614KB

    • MD5

      7882e3b7067f6a3697d909e6c497ddf1

    • SHA1

      96e6d081c33d080f98d23f1f9253e5cc8b03c0c2

    • SHA256

      c385c23b938ed45a8f5df078799725e38973684a1762c346ae1a92fc2bcad2f6

    • SHA512

      518f3f14add38ddb8200161152f4c599c41abd1d0cefa3a4b5b875edd1f98ebb08c6439c30fda0014150b1258fda404adb79f8f641228a60013e69a54c6e949f

    • SSDEEP

      12288:L54Ynu0b+NoexY/KpYEulnduzfFONTD8Tlj/:KY3+NNx8KpY9lndkEB8Tlj

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks