Overview

overview

10

Static

static

1

PROFORMA N...df.exe

windows7-x64

10

PROFORMA N...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PROFORMA N.71A 03-02-2023pdf.exe

  • Size

    747KB

  • Sample

    230203-lrnd1sdh67

  • MD5

    018abbc00af05f8e7349c3b3d0786862

  • SHA1

    049e6854e7a49fa9c45a1580293814fa49ac1580

  • SHA256

    eb152370bc4424a178832f9e8c1c06f527f0a4a2e1ac2cf1e671e0290a098eb7

  • SHA512

    a5bec7bffb8291533f7767960173a2543ad112f5316fcdcfe06a3b0e5ddb8089f8a59744b5c62852275d5b44c7d3f7185979e7831cb7f0b3f7382b503905db5f

  • SSDEEP

    12288:dhefaqG4yPap6Fy2MxzHhoOtG0OqwXURf3:LeSqG4yPap6F0xW4IUR/

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/ha8/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      PROFORMA N.71A 03-02-2023pdf.exe

    • Size

      747KB

    • MD5

      018abbc00af05f8e7349c3b3d0786862

    • SHA1

      049e6854e7a49fa9c45a1580293814fa49ac1580

    • SHA256

      eb152370bc4424a178832f9e8c1c06f527f0a4a2e1ac2cf1e671e0290a098eb7

    • SHA512

      a5bec7bffb8291533f7767960173a2543ad112f5316fcdcfe06a3b0e5ddb8089f8a59744b5c62852275d5b44c7d3f7185979e7831cb7f0b3f7382b503905db5f

    • SSDEEP

      12288:dhefaqG4yPap6Fy2MxzHhoOtG0OqwXURf3:LeSqG4yPap6F0xW4IUR/

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks