General

  • Target

    OFFER N13042023-G759.exe

  • Size

    517KB

  • Sample

    230418-l1ylcace5t

  • MD5

    ecd9e6a9d8960019251fea913b291736

  • SHA1

    48427d9923316ff44a8e3404daa1674dd3ded5e1

  • SHA256

    cfe9a5c61a337677133e024d05f571e038c970fac99e7a9c4c96a6f13d1d0d84

  • SHA512

    2ebffedf7626dd14a1a24732f255dc04682207d89f4a5e859e8e7c72433d7b6008fe1cfc7187382d8b790898ec3799b20fabe238d96858b9b25edac38eefbd48

  • SSDEEP

    6144:zI2dyvZnbqjcLA+P3BSRRnAe8AuCPF8liLaxKwSwXBwW3ehSvFA+R8PH0I7KE4c8:zOnbqjcs+5qnFLxL0yhmfRq0IEvJM

Malware Config

Extracted

Family

lokibot

C2

http://185.246.220.85/testi/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks