Overview

overview

10

Static

static

1c99a91428...0b.exe

windows7-x64

10

1c99a91428...0b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    dba09c71b53f5ec9eb4d0e059cc29eaf.bin

  • Size

    262KB

  • Sample

    230120-rav1esba86

  • MD5

    3f5ca7eb98dbef04201323fa9029d769

  • SHA1

    79c731fe7c1eea04b7b0912d8547de7ee8219df5

  • SHA256

    3e8f39fc47fb6d3c3318433bf057c9cf9019088007d0b3ec09716217f084cb10

  • SHA512

    3bbcf6ebb0158635b5bf21dfefadd2ec8bbcc05d34aba9faba4fadff9f065a038b2cc2326b2a3d0d2330f6d7886f28c9821a76388f45c620c4b3412094837d61

  • SSDEEP

    6144:31ULmnaXqAXAJDGtYQw/F8214YH76dwlBOAm6bS43dz7H:3EmnbpGtE8214YuilB9jbv3dHH

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/kelly/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      1c99a914285fd2e4bbf9c25627a9155db90d7859a1e17e127eb29ba0adc4ae0b.exe

    • Size

      379KB

    • MD5

      dba09c71b53f5ec9eb4d0e059cc29eaf

    • SHA1

      7515c48f24456ab7f9ee1d10fc70fe9cbe1eabe2

    • SHA256

      1c99a914285fd2e4bbf9c25627a9155db90d7859a1e17e127eb29ba0adc4ae0b

    • SHA512

      6a7eb3f81e551ada99d731c78f3ac668ca9ed12b94201539d4045a4fa3ae2882f2e02d6f29153869f80b31f7befcb71a16243206736d247975c51907c7cda3f8

    • SSDEEP

      6144:3Ya6aLpG6rcP9Dbs/ObH2qcKfmRasX27vTv3O0ajq7p5LgOq6xqUlRg:3YMLpXro9vmRRX2LTv3Op2piWxqUg

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks