Overview

overview

10

Static

static

1

1f973d307a...20.exe

windows7-x64

10

1f973d307a...20.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8c3c941efdc044a57a89a4163918acb2.bin

  • Size

    127KB

  • Sample

    230226-bw5trafa9v

  • MD5

    d7946de44b8f470027141e8a69642d1d

  • SHA1

    22f0ef2308123171c6378f85a0c56b374bb7a670

  • SHA256

    c386ce06c4664f572da78b3bc728d8d875a9e1c5931b83436f0e474ea02deff4

  • SHA512

    d9fe94ba3eb72860b088e47538a99edb801c4557b8e6231285b5b12f573d21393965dc1e6cf61dd6df38fd5b5bf3a4fe62530a9d63834493bf119b115110a4c0

  • SSDEEP

    3072:mZkFhHaWNYGt7yY0nTTdN9YwwaqEarIpBkdztpVd3DIp:ekjNiGt73g3dNW77fIpc10p

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/ha19/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      1f973d307ac6766796e6abcaf1c71b8e506859ebf82d9d176fafc564383b2e20.exe

    • Size

      192KB

    • MD5

      8c3c941efdc044a57a89a4163918acb2

    • SHA1

      1682b1832b65cb2a6ee775a5e4f2c024058acdb7

    • SHA256

      1f973d307ac6766796e6abcaf1c71b8e506859ebf82d9d176fafc564383b2e20

    • SHA512

      7fa397240fc455b288c6c3306d00b75660e942849b9510fea2a84223f1b9b15947ecf86b06a9cd25af7be58126db4e224e6e289f283809f2ec932608a93a4994

    • SSDEEP

      3072:25mJMInhU7WuCr4VT+3HmDqg4Aa2oAnq5mnzL/:3PhCWuCryT+Wm8a5QP

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks