Overview

overview

10

Static

static

1

0455be9da5...6d.exe

windows7-x64

10

0455be9da5...6d.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0455be9da54c7231fea1f2fae056f36d.exe

  • Size

    353KB

  • Sample

    230420-cxevdsha5y

  • MD5

    0455be9da54c7231fea1f2fae056f36d

  • SHA1

    49d7a9eb258f5ee93c3985e38e4eca852c37dfef

  • SHA256

    93cc16dfe8c10579f28d8d70196f5c64044493818861f32c9d3e8f15cc3b7aaa

  • SHA512

    e8c0f9b183d86577a8d7aa86cf0de2930b3c4f7880fed8a5c6980ecd9e59ee65ca8be840d180469c22e3a4738c375b70db3f9ec9aaafc2abac083a2d623e997a

  • SSDEEP

    6144:g2euhqu9r/bsW+ERywB6v01RfRmI0Hn20:g2Dhb5zsW+jwY017AP

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.246.220.85/fresh/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      0455be9da54c7231fea1f2fae056f36d.exe

    • Size

      353KB

    • MD5

      0455be9da54c7231fea1f2fae056f36d

    • SHA1

      49d7a9eb258f5ee93c3985e38e4eca852c37dfef

    • SHA256

      93cc16dfe8c10579f28d8d70196f5c64044493818861f32c9d3e8f15cc3b7aaa

    • SHA512

      e8c0f9b183d86577a8d7aa86cf0de2930b3c4f7880fed8a5c6980ecd9e59ee65ca8be840d180469c22e3a4738c375b70db3f9ec9aaafc2abac083a2d623e997a

    • SSDEEP

      6144:g2euhqu9r/bsW+ERywB6v01RfRmI0Hn20:g2Dhb5zsW+jwY017AP

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks