Overview

overview

10

Static

static

3

DHL Receip...08.exe

windows7-x64

10

DHL Receip...08.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    DHL Receipt_AWB8114704847708.exe

  • Size

    586KB

  • Sample

    230502-gekedahg69

  • MD5

    ac45a574aeeaa5bfef5cc1ceada9876b

  • SHA1

    7d0a230786b2e2dd47ab411040ebf4923459b3d1

  • SHA256

    1f47fd5fd29e245b6ec3f3e178890bd987903f558a220e9d9451417c75e7d831

  • SHA512

    37b634e7b2a0a0352c4f60a0a9225ae52a1d184e37c6114ecc1571faf554cb87ea95109bc5035f451600bc91d4232d2efd1bc2cef434999600a93bb75888fca6

  • SSDEEP

    12288:U9d59j8Sb0nVFxjbxVdS3OqJj6EPJctIY2SZZp5D:CPj8SSVFxxVdsOA6Eetx95D

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://104.156.227.195/~blog/?p=8487516010

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      DHL Receipt_AWB8114704847708.exe

    • Size

      586KB

    • MD5

      ac45a574aeeaa5bfef5cc1ceada9876b

    • SHA1

      7d0a230786b2e2dd47ab411040ebf4923459b3d1

    • SHA256

      1f47fd5fd29e245b6ec3f3e178890bd987903f558a220e9d9451417c75e7d831

    • SHA512

      37b634e7b2a0a0352c4f60a0a9225ae52a1d184e37c6114ecc1571faf554cb87ea95109bc5035f451600bc91d4232d2efd1bc2cef434999600a93bb75888fca6

    • SSDEEP

      12288:U9d59j8Sb0nVFxjbxVdS3OqJj6EPJctIY2SZZp5D:CPj8SSVFxxVdsOA6Eetx95D

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks