General

  • Target: b98727e791f0d577d71eb9ca233d7d9b.bin
  • Size: 267KB
  • Sample: 230120-radq5sba83
  • MD5: c2ebc3c0b4190579be0a9fa6abb1147f
  • SHA1: e03dab128ed2358376421dac90e783855644a716
  • SHA256: b4b91ec279ef9a76856760c350e59e1d7e96c1b921fe7a2121093e2dccdb51b9
  • SHA512: c777637508a01a450e1c03f3ccad841a70c38455adc862ca534a54f861a99bb0a5b38720c42238d972d917a5f6afe18f10da924425b8956aad836b837a59c395
  • SSDEEP: 6144:DJWTKXgPVxrbXHjcI5ZhEf3BAWPjIvmP26mmrP:DJk59xrbX5bw3BtEOe6mk

Malware Config

Extracted

  • Family: lokibot
  • C2:
      http://171.22.30.147/kelly/five/fre.php
      http://kbfvzoboss.bid/alien/fre.php
      http://alphastand.trade/alien/fre.php
      http://alphastand.win/alien/fre.php
      http://alphastand.top/alien/fre.php

Targets

    • Target: 9ae97e832eb469696126acef1245094cee8c496f2cd4e0ae68cd3b923d7117e2.exe
    • Size: 596KB
    • MD5: b98727e791f0d577d71eb9ca233d7d9b
    • SHA1: 108b1efdabf10836584c22ae042b5913d7a5a856
    • SHA256: 9ae97e832eb469696126acef1245094cee8c496f2cd4e0ae68cd3b923d7117e2
    • SHA512: 19cb802c64fcef080c35fff81bad5c2d4d862a443025bf0da733ed1d8b8ad5f57cc019f16e66fd91d78aef4d8777e30bae5d8bc8cb8871b88475cee847a537c0
    • SSDEEP: 6144:4Ya6XCxwHwR6cDMOjbqEXtkhMEhd8toZxucQ7SEZijHo9NWCdkcg7vXy5HTx:4YBxgb+M4QzZibGWCdPAqtl

    • Lokibot: Lokibot is a password and cryptocurrency wallet stealer.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers: Infostealers often target stored browser data, which can include saved credentials and other sensitive information.
    • Accesses Microsoft Outlook profiles
    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks