Overview

overview

10

Static

static

smss.exe

windows7-x64

10

smss.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    smss.exe

  • Size

    724KB

  • Sample

    230118-ldy9csae4w

  • MD5

    3310b5f39ab503686d40d3200cc8dc6a

  • SHA1

    a5d4fab40cb1f92e4c936c565fe8c2e7c6534245

  • SHA256

    5c4150bcd76286fc146426b16eae5c0ec7b5e539a6e1d010caa2ddb88e3fa8c0

  • SHA512

    7d411cdad761099a36a92a0d24c9dd9e576eb1973d2047a0ddd837141d48190207d3d8a68aab9cd45ab3718f92f21c06c69254feee5b67a2e47a3b4f31767d3c

  • SSDEEP

    12288:7OTlXnu0b+NoexY/i26bU07wsB3OwbNPg46h/SmzNo:7OTlX3+NNx8iPwCje/LzN

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/line/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      smss.exe

    • Size

      724KB

    • MD5

      3310b5f39ab503686d40d3200cc8dc6a

    • SHA1

      a5d4fab40cb1f92e4c936c565fe8c2e7c6534245

    • SHA256

      5c4150bcd76286fc146426b16eae5c0ec7b5e539a6e1d010caa2ddb88e3fa8c0

    • SHA512

      7d411cdad761099a36a92a0d24c9dd9e576eb1973d2047a0ddd837141d48190207d3d8a68aab9cd45ab3718f92f21c06c69254feee5b67a2e47a3b4f31767d3c

    • SSDEEP

      12288:7OTlXnu0b+NoexY/i26bU07wsB3OwbNPg46h/SmzNo:7OTlX3+NNx8iPwCje/LzN

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks