Overview

overview

10

Static

static

1

TRANSFER.exe

windows7-x64

10

TRANSFER.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    TRANSFERENCIA RÁPIDA.IMG

  • Size

    1.2MB

  • Sample

    230208-ztndpafe9z

  • MD5

    dada3a7206cbc5bc068e0309b2a2a68d

  • SHA1

    83733f34e5d6c550a0c4b7a2c4c87cdc178be1b0

  • SHA256

    4516464ea0f1737577c1bef1720182cacdca6b3598b010cb0a8522bf393b6b0c

  • SHA512

    12d6ce472bfa42b0b7e1885f0f3d99876098a22b4bf7988c24ce307d6e578ea7d94cf09cfb9d6a0520d6e99919d7de7de6d0f19835a6a3ebc259173a74e2b9df

  • SSDEEP

    24576:2ub8vOztLHKNu+A+/1b9bupzrd8GrQk2SP8:2jupzrdV0R

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/ha7/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      TRANSFER.EXE

    • Size

      512KB

    • MD5

      1086aab81143886e9f560384829f7c6f

    • SHA1

      d9855483093d9a6ed8844c490fb6718437bcbc3f

    • SHA256

      66c8806ba383d1c3671492bff679e2ee9e5f4d384b5a317a44ff45c4410a1e86

    • SHA512

      e11fba1774658df4b824ad83224f8ba347cfcbd2d1108ea2be23c5fc820ce02ff2c9de1d1d919174d85d00dce56c5205be1c4813fe964645cc3641dfe7133ddd

    • SSDEEP

      12288:OHOSiPb+HT0qE8S6S7ztLHKNu+A+/1bkYbupzTY0tKGIfpBGrQk2SP8D:Oub8vOztLHKNu+A+/1b9bupzrd8GrQkY

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks