Overview

overview

10

Static

static

1

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    786KB

  • Sample

    230306-sa9dgsch55

  • MD5

    fc7405792929990276c6c16585272006

  • SHA1

    43aca47fe5239863a1b7a88ccafa194044a857fc

  • SHA256

    213733de61216a784d1133b8fcfcf7fdb5df435edad425bb3476b250a86e18f8

  • SHA512

    1a5320fdb9394c9850680accf463cca0e08b6a98f37e5574a3f00fc075ea1e39a4144f1f78088a7e8a83f2da9249859584524d6d27aadf11c544422d622a11a4

  • SSDEEP

    24576:VcA3cOQ4XFF3lVXKv1GGdwDLNuWwSMx5Jlom/sYVh8cYiw:r1pLXetdWuWwS+PoFYVh81N

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.148/okuma/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      tmp

    • Size

      786KB

    • MD5

      fc7405792929990276c6c16585272006

    • SHA1

      43aca47fe5239863a1b7a88ccafa194044a857fc

    • SHA256

      213733de61216a784d1133b8fcfcf7fdb5df435edad425bb3476b250a86e18f8

    • SHA512

      1a5320fdb9394c9850680accf463cca0e08b6a98f37e5574a3f00fc075ea1e39a4144f1f78088a7e8a83f2da9249859584524d6d27aadf11c544422d622a11a4

    • SSDEEP

      24576:VcA3cOQ4XFF3lVXKv1GGdwDLNuWwSMx5Jlom/sYVh8cYiw:r1pLXetdWuWwS+PoFYVh81N

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks