Overview

overview

10

Static

static

1

FedEx Invo...1..exe

windows7-x64

10

FedEx Invo...1..exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    FedEx Invoice-XXXXX4210-02032023073135894221..exe

  • Size

    778KB

  • Sample

    230314-gjwm7sfh2x

  • MD5

    d47b74492c684a51c8fa13aed993f026

  • SHA1

    a3a69abede0d295d888dffe0796920ad274f5919

  • SHA256

    00b36130f2bb86e3a1c5716bd75266ce9341aafb8a0e06bdc1e009c113d6314b

  • SHA512

    ae33fdf37786e2fdb9db3b5dd7dcd03d12d6450a149f927d20bc2a485608cb2f055763cba30fa99473e13c12b94f23bdb48b9003c5e53cd477ea655f073b8521

  • SSDEEP

    12288:oYuWJsMSz4oqtmGstI7s2/dE69sUaJlj6BZ52CAX38yHi/:jsMSz4oqtmGs0xjwZ+Auz

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://68.183.13.128/?page_id=6303

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      FedEx Invoice-XXXXX4210-02032023073135894221..exe

    • Size

      778KB

    • MD5

      d47b74492c684a51c8fa13aed993f026

    • SHA1

      a3a69abede0d295d888dffe0796920ad274f5919

    • SHA256

      00b36130f2bb86e3a1c5716bd75266ce9341aafb8a0e06bdc1e009c113d6314b

    • SHA512

      ae33fdf37786e2fdb9db3b5dd7dcd03d12d6450a149f927d20bc2a485608cb2f055763cba30fa99473e13c12b94f23bdb48b9003c5e53cd477ea655f073b8521

    • SSDEEP

      12288:oYuWJsMSz4oqtmGstI7s2/dE69sUaJlj6BZ52CAX38yHi/:jsMSz4oqtmGs0xjwZ+Auz

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks