Overview

overview

10

Static

static

94b663af14...77.exe

windows7-x64

10

94b663af14...77.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9cbc533aff85bb22a0c012e58d2a1778.bin

  • Size

    244KB

  • Sample

    230123-sk7yeadh27

  • MD5

    f6a1c4424fe9cf42c09af15755ada791

  • SHA1

    8e072e2b70898b7df232575e12cb4c5b87708e4b

  • SHA256

    f59b1d73dda7c1c4b29a3f23819eef55f76046c7863613cb6b89bb3274746c6c

  • SHA512

    b8e295b7a242ecc09789808c941c967b47cded8356379e149bac2d1c6effd5be4f6506c94bbb4b7b387c8dd785aea2307285bd9dea7d356feb561ad61d59bf79

  • SSDEEP

    6144:V7gr9xT2YxEiVwUp9iCBqJaT3GIWa1756nA3/AgjF5/:VMrqYxEiKUP/AJu3HIWIgjL/

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/ha1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      94b663af143a52ec5359cfff5de5a8a7bca5c9a137b67cbe0b6e5a934d140b77.exe

    • Size

      410KB

    • MD5

      9cbc533aff85bb22a0c012e58d2a1778

    • SHA1

      9598a98df4ceac0388e76af0cc39b4fc26700984

    • SHA256

      94b663af143a52ec5359cfff5de5a8a7bca5c9a137b67cbe0b6e5a934d140b77

    • SHA512

      0a48ef29983e20250e1ecf1e7e5b682694c1a46c2bbf3c11f28b2bfc92e8d80e346d64db26aea1bf293d2b9ecbc1499cd16e939c3b83c91dce9cf86825481e57

    • SSDEEP

      6144:oYa6K3bNiLERtuuxfcZHBiRxOij2oG5pT52EPqzbBq:oYw3bcQuuxfc1IMi452EwBq

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks