Overview

overview

10

Static

static

3

8840414a8b...d4.exe

windows7-x64

1

8840414a8b...d4.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    8840414a8ba647e57aeadfa3fc8edbd4.exe

  • Size

    546KB

  • Sample

    230519-hnmfrsff26

  • MD5

    8840414a8ba647e57aeadfa3fc8edbd4

  • SHA1

    fdc4e15fbfd34a2a880a6f34a4d6c79b39c9b832

  • SHA256

    856afd89ee07b6f8be9906cb827c0cc407a6be6f19925f77e76fedaf512e5305

  • SHA512

    7f1ee12485edd3a9bd72719302f5ac16aed220268df1bc016b0ee93714ec9abd063024c3f229d9a19a45e5afdbf082681157555497fff88df34ec21aefb5b1b8

  • SSDEEP

    12288:F2z5jMGDZQbYQO3mZbjakp3pKdiixtTdzJ0RCL:A5jMr0QOgPl3pQiGtT1ug

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/ugopounds/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      8840414a8ba647e57aeadfa3fc8edbd4.exe

    • Size

      546KB

    • MD5

      8840414a8ba647e57aeadfa3fc8edbd4

    • SHA1

      fdc4e15fbfd34a2a880a6f34a4d6c79b39c9b832

    • SHA256

      856afd89ee07b6f8be9906cb827c0cc407a6be6f19925f77e76fedaf512e5305

    • SHA512

      7f1ee12485edd3a9bd72719302f5ac16aed220268df1bc016b0ee93714ec9abd063024c3f229d9a19a45e5afdbf082681157555497fff88df34ec21aefb5b1b8

    • SSDEEP

      12288:F2z5jMGDZQbYQO3mZbjakp3pKdiixtTdzJ0RCL:A5jMr0QOgPl3pQiGtT1ug

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks