Overview

overview

10

Static

static

992865ed84...d7.exe

windows7-x64

10

992865ed84...d7.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    992865ed84c4a800e3947eb227ed08783c8bce61cb99aad66ec4a8cfc0a263d7

  • Size

    663KB

  • Sample

    230129-yagw5ace2v

  • MD5

    98afc7591b9f631cf6c614fa221c2d9f

  • SHA1

    a12d98db4bc384e005ba290a3dd77d1177d130f7

  • SHA256

    992865ed84c4a800e3947eb227ed08783c8bce61cb99aad66ec4a8cfc0a263d7

  • SHA512

    1a16ddb3896d0d228fdce441a2f2ef1ce3e017f2e20d932987489e5cc6c9e6c0faecac8733038212838e4f81c57204c87d75c7c8273a0613e504b5b060c81033

  • SSDEEP

    12288:F1GQyrJDLvVtVSn1Ube5HFNI/HRX+yvqPUnR9pVAV8EB:CQyrJnp+mO+vqPUnJCV

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://fakeme.us/Panel/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      992865ed84c4a800e3947eb227ed08783c8bce61cb99aad66ec4a8cfc0a263d7

    • Size

      663KB

    • MD5

      98afc7591b9f631cf6c614fa221c2d9f

    • SHA1

      a12d98db4bc384e005ba290a3dd77d1177d130f7

    • SHA256

      992865ed84c4a800e3947eb227ed08783c8bce61cb99aad66ec4a8cfc0a263d7

    • SHA512

      1a16ddb3896d0d228fdce441a2f2ef1ce3e017f2e20d932987489e5cc6c9e6c0faecac8733038212838e4f81c57204c87d75c7c8273a0613e504b5b060c81033

    • SSDEEP

      12288:F1GQyrJDLvVtVSn1Ube5HFNI/HRX+yvqPUnR9pVAV8EB:CQyrJnp+mO+vqPUnJCV

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks