Overview

overview

10

Static

static

Pirkimouž...�a.exe

windows7-x64

10

Pirkimouž...�a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Pirkimoužsakymas(P.O4024282)UAB Alauša.exe

  • Size

    2.4MB

  • Sample

    230126-pp2emsfa2s

  • MD5

    7a6e0d42129b3465d6405318de62a75d

  • SHA1

    27cdcd92398cd72c27b0e78890191a00e2d8b4a4

  • SHA256

    4339ebf2887db03e86b83f7108b649e724fd71795ab6dc47a4eb268a78d6809c

  • SHA512

    020c5834c52bf38d99f7fca1d911d84b4ceec164633d6c3e9fc222de075d9c621b58dd54436403127578ff464b29712b6ac97dee8c7cf9ed200080e55c6249cc

  • SSDEEP

    49152:rcE5eDLx9XZ1fbEn18u1HCc07g+Orf2BO0YZ/dV3TgFK:4eefnvfqQgrj0YR3Tg

Score
10/10
lokibotpurecryptercollectiondownloaderloaderspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://efvsx.ga/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Pirkimoužsakymas(P.O4024282)UAB Alauša.exe

    • Size

      2.4MB

    • MD5

      7a6e0d42129b3465d6405318de62a75d

    • SHA1

      27cdcd92398cd72c27b0e78890191a00e2d8b4a4

    • SHA256

      4339ebf2887db03e86b83f7108b649e724fd71795ab6dc47a4eb268a78d6809c

    • SHA512

      020c5834c52bf38d99f7fca1d911d84b4ceec164633d6c3e9fc222de075d9c621b58dd54436403127578ff464b29712b6ac97dee8c7cf9ed200080e55c6249cc

    • SSDEEP

      49152:rcE5eDLx9XZ1fbEn18u1HCc07g+Orf2BO0YZ/dV3TgFK:4eefnvfqQgrj0YR3Tg

    Score
    10/10
    lokibotpurecryptercollectiondownloaderloaderspywarestealertrojan

    • Detect PureCrypter injector

      loader

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • PureCrypter

      PureCrypter is a .NET malware loader first seen in early 2021.

      loaderdownloaderpurecrypter

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks