Overview

overview

10

Static

static

3

SecuriteIn...04.exe

windows7-x64

10

SecuriteIn...04.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SecuriteInfo.com.Win32.PWSX-gen.13822.29104.exe

  • Size

    625KB

  • Sample

    230426-f66agshc3t

  • MD5

    b734afdd8e03ba28718c10dee9ed2b0c

  • SHA1

    f924e10f4c82759a20f2e0683fe55f4bb321e56c

  • SHA256

    2834cfeb660413fad1cd516023cc6563d06233d0ec802370c70842f3bd9691e5

  • SHA512

    20a7855862c52b38a10d8daa6190ea76868fca2653885d874f741fda5824009262f9a2625274c9b5908394677fe7dbf4e46660a3a8910c0af02403a41629ac0e

  • SSDEEP

    12288:diU8kIDycHhTqshwWfWbCgClFyuJU+UGWA:diU8kIDycBTVKeS+FJU6

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://104.156.227.195/~blog/?p=6151643

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      SecuriteInfo.com.Win32.PWSX-gen.13822.29104.exe

    • Size

      625KB

    • MD5

      b734afdd8e03ba28718c10dee9ed2b0c

    • SHA1

      f924e10f4c82759a20f2e0683fe55f4bb321e56c

    • SHA256

      2834cfeb660413fad1cd516023cc6563d06233d0ec802370c70842f3bd9691e5

    • SHA512

      20a7855862c52b38a10d8daa6190ea76868fca2653885d874f741fda5824009262f9a2625274c9b5908394677fe7dbf4e46660a3a8910c0af02403a41629ac0e

    • SSDEEP

      12288:diU8kIDycHhTqshwWfWbCgClFyuJU+UGWA:diU8kIDycBTVKeS+FJU6

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks