Overview

overview

10

Static

static

2da909ad3c...e9.exe

windows7-x64

10

2da909ad3c...e9.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2da909ad3c9a5533872aef49d36d4ff2bd34c867bfc7079d9ded046f4f3f25e9

  • Size

    412KB

  • Sample

    230129-1f5aqadf55

  • MD5

    bbec222b8fad51bd86a5d20e8d25d63c

  • SHA1

    eda1757dfb6158765be5edb108af348cf8f6a11c

  • SHA256

    2da909ad3c9a5533872aef49d36d4ff2bd34c867bfc7079d9ded046f4f3f25e9

  • SHA512

    e98ef3c1a8f1f16c6891be58f63871ae3775b2144003761ff6b632c976a10fa25d7d2a0b0e208bc6d615a1affa5027389dea9e931afebef04b17e2dcb365bec9

  • SSDEEP

    6144:cmCwAA8ejFkg6GG1Xtyi87O+HL8D5uYcLca0DtoHAwzc1lY/qp8llUW:cLbAJFkDGKXtyiuC2wpkc1lOLUW

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://opdebeeck-vvorth.com/f3/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      2da909ad3c9a5533872aef49d36d4ff2bd34c867bfc7079d9ded046f4f3f25e9

    • Size

      412KB

    • MD5

      bbec222b8fad51bd86a5d20e8d25d63c

    • SHA1

      eda1757dfb6158765be5edb108af348cf8f6a11c

    • SHA256

      2da909ad3c9a5533872aef49d36d4ff2bd34c867bfc7079d9ded046f4f3f25e9

    • SHA512

      e98ef3c1a8f1f16c6891be58f63871ae3775b2144003761ff6b632c976a10fa25d7d2a0b0e208bc6d615a1affa5027389dea9e931afebef04b17e2dcb365bec9

    • SSDEEP

      6144:cmCwAA8ejFkg6GG1Xtyi87O+HL8D5uYcLca0DtoHAwzc1lY/qp8llUW:cLbAJFkDGKXtyiuC2wpkc1lOLUW

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks