Overview

overview

10

Static

static

3

02a4fgXPgGpv5aT.exe

windows7-x64

10

02a4fgXPgGpv5aT.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    02a4fgXPgGpv5aT.exe

  • Size

    546KB

  • Sample

    230519-bvnh3sdc8y

  • MD5

    1572d1c00328d799f4e16e3e0b583137

  • SHA1

    a953d673f9f652d57cbbdf5b7b51cbb6df2ab260

  • SHA256

    9a61f797f46dd083f31d86f2ac2ceda810b52e1088cb7697a19f87bd6c89d4a4

  • SHA512

    e3dddfa2545367eeabf4fd063cbbcecfdaa1e02d7e4fbd40b7aadb1206af781e56266656810ea1893baede53dda01595d2d717655f95adf43602b57ca114450f

  • SSDEEP

    12288:w2EuN7gSnXzHKJH2SyS/3N8/YRZjpC++:yuN7gIzHKJFK/YLh+

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://161.35.102.56/~nikol/?p=3757765559

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      02a4fgXPgGpv5aT.exe

    • Size

      546KB

    • MD5

      1572d1c00328d799f4e16e3e0b583137

    • SHA1

      a953d673f9f652d57cbbdf5b7b51cbb6df2ab260

    • SHA256

      9a61f797f46dd083f31d86f2ac2ceda810b52e1088cb7697a19f87bd6c89d4a4

    • SHA512

      e3dddfa2545367eeabf4fd063cbbcecfdaa1e02d7e4fbd40b7aadb1206af781e56266656810ea1893baede53dda01595d2d717655f95adf43602b57ca114450f

    • SSDEEP

      12288:w2EuN7gSnXzHKJH2SyS/3N8/YRZjpC++:yuN7gIzHKJFK/YLh+

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks