Overview

overview

10

Static

static

3

7YHvyCLMWl1PX56.exe

windows7-x64

10

7YHvyCLMWl1PX56.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7YHvyCLMWl1PX56.exe

  • Size

    559KB

  • Sample

    230509-h4cw9seg24

  • MD5

    4351c7260beabee81ded4fa872cb9412

  • SHA1

    2cea4a20d8d45f8f2b6c4f7bacd1a4a8683b5127

  • SHA256

    4920cdf96db967e0df5414de0d8318d018be7af985158dddd3a4cf77af565bf9

  • SHA512

    d40b6b5f0fbab9308cafe1730cd044b0fd3e06d717aff658c7f500a548264fc061d4576836d486424867268c015881c1476c6b2c8255f7eb131a69af72c54689

  • SSDEEP

    12288:XoO+vWjqtARQd6zscogpIabc1omz7EdhQ8zJG3FreOrbNj5AyCr:XNyAjzsBMhmz7EtzoYOX30

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://104.156.227.195/~blog/?p=369572314317708

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      7YHvyCLMWl1PX56.exe

    • Size

      559KB

    • MD5

      4351c7260beabee81ded4fa872cb9412

    • SHA1

      2cea4a20d8d45f8f2b6c4f7bacd1a4a8683b5127

    • SHA256

      4920cdf96db967e0df5414de0d8318d018be7af985158dddd3a4cf77af565bf9

    • SHA512

      d40b6b5f0fbab9308cafe1730cd044b0fd3e06d717aff658c7f500a548264fc061d4576836d486424867268c015881c1476c6b2c8255f7eb131a69af72c54689

    • SSDEEP

      12288:XoO+vWjqtARQd6zscogpIabc1omz7EdhQ8zJG3FreOrbNj5AyCr:XNyAjzsBMhmz7EtzoYOX30

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks