Overview

overview

10

Static

static

8d2ecedfce...c3.exe

windows7-x64

10

8d2ecedfce...c3.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8d2ecedfce039d12b7b70448aca40779f6fce79de3d8e40682250223bd62d9c3

  • Size

    356KB

  • Sample

    230129-yhm34sbd36

  • MD5

    5ad08184aeaa9f64bf677394b8bdf5c8

  • SHA1

    af7f79acf483d086055f458cbce23b0c93220607

  • SHA256

    8d2ecedfce039d12b7b70448aca40779f6fce79de3d8e40682250223bd62d9c3

  • SHA512

    1938f5ebfb43cfa358992e8ef002da9a04690b932bbb909c4224709f191ae42b75c1dd0c3c695fbf6f10b25fedfaf14d051cdcccfb11ec794582031db7c65e3d

  • SSDEEP

    6144:ECufjZTsT4UvncOgN2ZSfc4jxw+/E9NmjwE+GjqqYbGMo0/vswnO:ECubZGvncHgS3jxDcyIGjNAGl0Xs

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://inductotherrnindia.com/bobo/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      8d2ecedfce039d12b7b70448aca40779f6fce79de3d8e40682250223bd62d9c3

    • Size

      356KB

    • MD5

      5ad08184aeaa9f64bf677394b8bdf5c8

    • SHA1

      af7f79acf483d086055f458cbce23b0c93220607

    • SHA256

      8d2ecedfce039d12b7b70448aca40779f6fce79de3d8e40682250223bd62d9c3

    • SHA512

      1938f5ebfb43cfa358992e8ef002da9a04690b932bbb909c4224709f191ae42b75c1dd0c3c695fbf6f10b25fedfaf14d051cdcccfb11ec794582031db7c65e3d

    • SSDEEP

      6144:ECufjZTsT4UvncOgN2ZSfc4jxw+/E9NmjwE+GjqqYbGMo0/vswnO:ECubZGvncHgS3jxDcyIGjNAGl0Xs

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • CustAttr .NET packer

      Detects CustAttr .NET packer in memory.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks