Overview

overview

10

Static

static

1

365ee9ffdc...0c.exe

windows7-x64

10

365ee9ffdc...0c.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    a088dcb9ad5349ef886336c6ebfd85e7.bin

  • Size

    488KB

  • Sample

    230203-knsc5add32

  • MD5

    dd31b10e083952b32d13c9ad096fea8b

  • SHA1

    d306cfd68787351753884c803295fd01e5dbc0af

  • SHA256

    756fc6b1178a9d87bcf70ad9cb3e02cae5d881f1f9e30c21024d24b2278c3b78

  • SHA512

    6a5b1aae02c464f2674cfcf86ec0e33e373471c14b2fe24257bc5174e5f812191d42fd22db4f57d398b279875cd6249fa8cb7db88860f5e52553e2e510d71562

  • SSDEEP

    12288:SFAlg3GqZIMhGtuGAINS71n8AgtfmhzK8:SFAUV76TBUZ8SzK8

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/ha6/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      365ee9ffdc4bf18f837088cb56943a90a5da4f1bd86f431abf2994e218b60e0c.exe

    • Size

      705KB

    • MD5

      a088dcb9ad5349ef886336c6ebfd85e7

    • SHA1

      91b430e9640c43b684d9ca98944c5b191b94c57e

    • SHA256

      365ee9ffdc4bf18f837088cb56943a90a5da4f1bd86f431abf2994e218b60e0c

    • SHA512

      15b70be528b0804b7c88d3346b740766c53b6629e9eb4e970e39e4fec6d2221204bf164598cb598b09aeae811dc60f395bdee8896b10e30528b1a992c48b45f2

    • SSDEEP

      12288:GVfHc4SeSMdN+zORpcoxr8z9i7+pvrc4N34:GVHc/ebIORpjr8zw6Rrc4N34

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks