Overview

overview

10

Static

static

1

oustanding...ce.exe

windows7-x64

10

oustanding...ce.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    oustanding invoice.exe

  • Size

    691KB

  • Sample

    230207-jkg8badd3x

  • MD5

    977b2f9659866470764c169348e3ce8e

  • SHA1

    1a9e9555059a62747b9d7c570397d282315fb253

  • SHA256

    c7b0a971fcc7c2583cc85f297f6371d70b7f00df4ed538a6c54abd4574e580f7

  • SHA512

    8e42be74101f0e27648321dcb5979fc671640df2b0c218eb2175f9fea02cbbfaecdacad366433b041b8e175b48f7cb20cf8cda16de4c3b54314f3fb6b19ba4d2

  • SSDEEP

    12288:GOrx7p58lCrd4gyQapWMsCf8zajEkxxTNX2lM/5EAkLBWZ17YM2PA:TrxN5IC54TWMemjRx92l45BCgIMSA

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.148/primeminister/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      oustanding invoice.exe

    • Size

      691KB

    • MD5

      977b2f9659866470764c169348e3ce8e

    • SHA1

      1a9e9555059a62747b9d7c570397d282315fb253

    • SHA256

      c7b0a971fcc7c2583cc85f297f6371d70b7f00df4ed538a6c54abd4574e580f7

    • SHA512

      8e42be74101f0e27648321dcb5979fc671640df2b0c218eb2175f9fea02cbbfaecdacad366433b041b8e175b48f7cb20cf8cda16de4c3b54314f3fb6b19ba4d2

    • SSDEEP

      12288:GOrx7p58lCrd4gyQapWMsCf8zajEkxxTNX2lM/5EAkLBWZ17YM2PA:TrxN5IC54TWMemjRx92l45BCgIMSA

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks