Overview

overview

10

Static

static

vbc.exe

windows7-x64

10

vbc.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    vbc.exe

  • Size

    410KB

  • Sample

    230118-w76kmsfa55

  • MD5

    9cbc533aff85bb22a0c012e58d2a1778

  • SHA1

    9598a98df4ceac0388e76af0cc39b4fc26700984

  • SHA256

    94b663af143a52ec5359cfff5de5a8a7bca5c9a137b67cbe0b6e5a934d140b77

  • SHA512

    0a48ef29983e20250e1ecf1e7e5b682694c1a46c2bbf3c11f28b2bfc92e8d80e346d64db26aea1bf293d2b9ecbc1499cd16e939c3b83c91dce9cf86825481e57

  • SSDEEP

    6144:oYa6K3bNiLERtuuxfcZHBiRxOij2oG5pT52EPqzbBq:oYw3bcQuuxfc1IMi452EwBq

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/ha1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      vbc.exe

    • Size

      410KB

    • MD5

      9cbc533aff85bb22a0c012e58d2a1778

    • SHA1

      9598a98df4ceac0388e76af0cc39b4fc26700984

    • SHA256

      94b663af143a52ec5359cfff5de5a8a7bca5c9a137b67cbe0b6e5a934d140b77

    • SHA512

      0a48ef29983e20250e1ecf1e7e5b682694c1a46c2bbf3c11f28b2bfc92e8d80e346d64db26aea1bf293d2b9ecbc1499cd16e939c3b83c91dce9cf86825481e57

    • SSDEEP

      6144:oYa6K3bNiLERtuuxfcZHBiRxOij2oG5pT52EPqzbBq:oYw3bcQuuxfc1IMi452EwBq

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks