Overview

overview

10

Static

static

d75ab85906...ae.exe

windows7-x64

10

d75ab85906...ae.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    00472fb7e9be629b6d8a1436949bbfb1.bin

  • Size

    688KB

  • Sample

    230120-qd545afg5x

  • MD5

    59e2e8b03720160f3744e433c7e04b5d

  • SHA1

    4962d78cc24d1b706ac173a922e80d5588f13ae9

  • SHA256

    3fb2ae8f8e712bacf0063b158abc366acc4718fe52fe0d3efbfd95e885ce0389

  • SHA512

    df7a32a7a7f7a5b201f7880c9aa05a48c4d3bc717117700231018b8c8cb72edd5d430baa0c3ff5449dd41ba662ff807394645af38afa3236ba57de451c5374fe

  • SSDEEP

    12288:P6xKjIAd57nIuSUGC4t0FqvnTXFgPqUtwb3NcwFRd8rHpL+GoQuAM0n:P9jt5sCdFq5gPqMYfOHBxopY

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.148/fresh2/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      d75ab859064eaea321a5a7f11a4b0cb4ab85d987c41f293ea879e374b7348cae.exe

    • Size

      811KB

    • MD5

      00472fb7e9be629b6d8a1436949bbfb1

    • SHA1

      34d8bde6eafd60b22e64690472ee5607ad954948

    • SHA256

      d75ab859064eaea321a5a7f11a4b0cb4ab85d987c41f293ea879e374b7348cae

    • SHA512

      e4ffa3e4a6eb652c82aaf769f1800046c256bec8c9c685abf73e3e3992af5101240b3bc241ee2888802a5df0498448aed074876236fe292b3ded977c9f6a6acd

    • SSDEEP

      24576:u+pmxdK1vfXdyg55Gs5nyyxDqEZV/NWCHgh/Wgfz:ubxdsvP0KGs5nyCDqEZVeh/Wgf

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks