Overview

overview

10

Static

static

3

63327bbf1b...ea.exe

windows7-x64

1

63327bbf1b...ea.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d29862a821bc742d24c346287c79ca1a.bin

  • Size

    422KB

  • Sample

    230519-cf82xaee69

  • MD5

    7c9bf969c09572b5b95a2d0b61fda92b

  • SHA1

    36603453050c8d6d01c0cf1fb523a09df49ed041

  • SHA256

    8b823ea8ed9e228ae2a2eb438ef7d7edae7e9a6ee1c48538a620ce94f028209a

  • SHA512

    11e9cd94102ee9f602d96e2b4d44b62750bd637670600a26342a15f5847a8e26dc930c5189c463dab964e8dd59d472a7cb8e17d01fa37001c4c13f9d5e0a5ad2

  • SSDEEP

    12288:Q/trtbmo9DExjNeMhIda6FMve0H3wPLFU0VImg:QFr9m6wbeL0oM2e6q0uV

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.246.220.60/bugg/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      63327bbf1b0a378cc3e8419ba34385e5ec8d47a04f90546eaf31c55f7fff15ea.exe

    • Size

      547KB

    • MD5

      d29862a821bc742d24c346287c79ca1a

    • SHA1

      30a36578576a17b82a6338fd72ad975b5d82e794

    • SHA256

      63327bbf1b0a378cc3e8419ba34385e5ec8d47a04f90546eaf31c55f7fff15ea

    • SHA512

      282a034bb366042f8882140377af646c88dbdbe5ec4bb77ca5717f9266cc04e3ab6768eb94858193f2f465bda239be00aefdd317b407af2b1bd5c8f061303422

    • SSDEEP

      6144:rf5nyB4b2znBDGjUG7ygNGNm5d+zA1qz75sMr/D29Fr31/PzC06x7CGYbx53I80g:rfV9yBSjUwzNdEAAmvr3Ze06RC1vl

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks