Overview

overview

10

Static

static

3

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    tmp

  • Size

    599KB

  • Sample

    230527-nmx4rsbg26

  • MD5

    e466877037de62f5262670bc43e57b83

  • SHA1

    24d82b281fde6305048ae25420978dbe3b92e3f8

  • SHA256

    eafd24a879b0e1458630666c4dbcc4f20c14a00b48525d05ef6055312085c10d

  • SHA512

    9d1d537899487cb7860edc6a603090592f53efa85fa64b11323f3c601269fd3f0704836a8b2729bc33c7276a222f6ca7896d5310f87ff38eb85d16defca11bed

  • SSDEEP

    12288:qBxmzZBEP85qMm8pyOxiCSc9wcXpMMlng8EBVYPLskLGGouE:j9BEP81pPxTx9fS20iLGGo

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.246.220.60/petercody/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      tmp

    • Size

      599KB

    • MD5

      e466877037de62f5262670bc43e57b83

    • SHA1

      24d82b281fde6305048ae25420978dbe3b92e3f8

    • SHA256

      eafd24a879b0e1458630666c4dbcc4f20c14a00b48525d05ef6055312085c10d

    • SHA512

      9d1d537899487cb7860edc6a603090592f53efa85fa64b11323f3c601269fd3f0704836a8b2729bc33c7276a222f6ca7896d5310f87ff38eb85d16defca11bed

    • SSDEEP

      12288:qBxmzZBEP85qMm8pyOxiCSc9wcXpMMlng8EBVYPLskLGGouE:j9BEP81pPxTx9fS20iLGGo

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks