Overview

overview

10

Static

static

1

f98faf03ba...4b.exe

windows7-x64

10

f98faf03ba...4b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f98faf03ba802e5b99c10fdfa94dfc49c1a678526a5a23d9b9bc1136fc5c664b

  • Size

    150KB

  • Sample

    230129-xvlv5sad53

  • MD5

    7beb8b29bdd2bbda9c1cfffc4c738e42

  • SHA1

    8cd5ea58f39d335d51216e02984c0362b845aa01

  • SHA256

    f98faf03ba802e5b99c10fdfa94dfc49c1a678526a5a23d9b9bc1136fc5c664b

  • SHA512

    470ced42f89af58e8a63b809f9025d3f7e96c5b9dfb1bb371ce2879f7465dc782873beda5ddd6edac496663dccb3a7772a8d2e22c13a234988074c8662e3d116

  • SSDEEP

    3072:5f1BDZ0kVB67Duw9AMcAbGYlTHvOiNcNfsR0m6wK9Vh5lszjYbZRr0f8T2g:59X0GKG8pSGKmUh7s/oAjg

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/S7zr5v1fXI3Rb

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      f98faf03ba802e5b99c10fdfa94dfc49c1a678526a5a23d9b9bc1136fc5c664b

    • Size

      150KB

    • MD5

      7beb8b29bdd2bbda9c1cfffc4c738e42

    • SHA1

      8cd5ea58f39d335d51216e02984c0362b845aa01

    • SHA256

      f98faf03ba802e5b99c10fdfa94dfc49c1a678526a5a23d9b9bc1136fc5c664b

    • SHA512

      470ced42f89af58e8a63b809f9025d3f7e96c5b9dfb1bb371ce2879f7465dc782873beda5ddd6edac496663dccb3a7772a8d2e22c13a234988074c8662e3d116

    • SSDEEP

      3072:5f1BDZ0kVB67Duw9AMcAbGYlTHvOiNcNfsR0m6wK9Vh5lszjYbZRr0f8T2g:59X0GKG8pSGKmUh7s/oAjg

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks