lgoogloader | 8e9c6b72a19705e65d654814d0770a67c7c4a2e52915f6115dc740ab254ed4a9 | Triage

Submit
Reports

Overview

overview

Static

static

3

a.exe

windows10-2004-x64

Resubmissions

20-05-2023 01:01

230520-bdhlhahd64 10

20-05-2023 00:59

230520-bb6wbahd52 10

17-05-2023 15:12

230517-sld2qafe25 10

16-05-2023 18:13

230516-wt6ngsbb3s 10

16-05-2023 18:11

230516-wsz5babb2w 10

16-05-2023 18:10

230516-wr6wgabb2s 10

16-05-2023 18:03

230516-wm22qabh79 10

Sharing

General

Target

a.bin
Size

5KB
Sample

230516-wt6ngsbb3s
MD5

69525fa93fd47eb3c533afe3b1baba48
SHA1

3dea1b337987177c73c64e89b370d90dc94c64cb
SHA256

8e9c6b72a19705e65d654814d0770a67c7c4a2e52915f6115dc740ab254ed4a9
SHA512

909202467de5c96404c154cd3be55643df62c13c395bd6e0406be5834c3a10b953f42cc3520ac5979af754af192260ec737d19892333e5a8dfab79aef9b23182
SSDEEP

48:6di2oYDjX9iqhf3FXfkQHjJhyPFlWa8tYDdqIYM/cphuOulavTqXSfbNtm:uNiqp3JkQHyDUtE2WcpisvNzNt

Score

10^/10

lgoogloader lokibot pandastealer redline persom downloader evasion infostealer spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

a.exe

Resource

win10v2004-20230220-en

lgoogloader lokibot pandastealer redline persom downloader evasion infostealer spyware stealer trojan

windows10-2004-x64

18 signatures

1800 seconds

Malware Config

Extracted

Family

redline

Botnet

PERSOM

C2

176.124.219.192:14487

Attributes

auth_value
0695a610af712a57529526101d7e83b2

Extracted

Family

lokibot

C2

http://185.246.220.85/zang1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  a.bin
- Size
  
  5KB
- MD5
  
  69525fa93fd47eb3c533afe3b1baba48
- SHA1
  
  3dea1b337987177c73c64e89b370d90dc94c64cb
- SHA256
  
  8e9c6b72a19705e65d654814d0770a67c7c4a2e52915f6115dc740ab254ed4a9
- SHA512
  
  909202467de5c96404c154cd3be55643df62c13c395bd6e0406be5834c3a10b953f42cc3520ac5979af754af192260ec737d19892333e5a8dfab79aef9b23182
- SSDEEP
  
  48:6di2oYDjX9iqhf3FXfkQHjJhyPFlWa8tYDdqIYM/cphuOulavTqXSfbNtm:uNiqp3JkQHyDUtE2WcpisvNzNt
Score

10^/10

lgoogloader lokibot pandastealer redline persom downloader evasion infostealer spyware stealer trojan
- Detects LgoogLoader payload
- LgoogLoader
  A downloader capable of dropping and executing other malware families.
  downloader lgoogloader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Panda Stealer payload
- PandaStealer
  Panda Stealer is a fork of CollectorProject Stealer written in C++.
  stealer pandastealer
- RedLine
  RedLine Stealer is a malware family written in C#, first appearing in early 2020.
  infostealer redline
- RedLine payload
- Downloads MZ/PE file
- Stops running service(s)
  evasion
- Uses the VBS compiler for execution
- Legitimate hosting services abused for malware hosting/C2
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scripting

Persistence

Modify Existing Service

Privilege Escalation

Defense Evasion

Impair Defenses

Scripting

Web Service

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Web Service

Exfiltration

Impact

Service Stop

Tasks

static1

behavioral1

lgoogloaderlokibotpandastealerredlinepersomdownloaderevasioninfostealerspywarestealertrojan

© 2018-2024

Terms | Privacy