Overview

overview

10

Static

static

1

e973ddbe5b...a5.exe

windows7-x64

10

e973ddbe5b...a5.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    9e1935a47f0fc0de66b4a98556336d46.bin

  • Size

    589KB

  • Sample

    230206-lwyqjsge91

  • MD5

    5953008e9be6944ece0fb9c5e696a1e9

  • SHA1

    ff8fb4115fd4490228e0b627bcd2df17827f5d6c

  • SHA256

    228d9829a5767849ddd30deca6f7125e430082da21dfdafda13234f2f67a19a7

  • SHA512

    fea07af5ac7bf0a9e94347043dab04c1eccf9fda8c710869881aca6ddb2cfe6198049bd2af0701c4cffd309ab136eb82b3cc5310974f90a0fe6bfee75d48a356

  • SSDEEP

    12288:oc3EGfLbhM+lgJ4FxSz+Mq6uA2SM//OrNy73KwDozhXfJ+C3lI:v3/w4fMq6uA23/iN1wDYXoC32

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/ha8/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      e973ddbe5be12de3bb6c48532e99abd8a5e9b44b084a388c89690309c7c38da5.exe

    • Size

      752KB

    • MD5

      9e1935a47f0fc0de66b4a98556336d46

    • SHA1

      8cacf3fa719e158213189b0ec89f8813c4d21297

    • SHA256

      e973ddbe5be12de3bb6c48532e99abd8a5e9b44b084a388c89690309c7c38da5

    • SHA512

      93d5f772f3ca308cb9c249c70e5a538ec399e3db902d945f6ee4d08ff399947a4a0d35899b1dc9ebc47d37b6693db5a8787386498e8eeb152c172c924c23590a

    • SSDEEP

      12288:f2iNZlSE+AB6Fy2Mxz0hAy9yVrNgFW9zktGU83Sg43pqG4yPa:f1dH+AB6F0x10yFFVktGz3tYpqG4yPa

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks