Overview

overview

10

Static

static

3

MegrendelÃ...UC.exe

windows7-x64

10

MegrendelÃ...UC.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1839d60cf892ae968e59ad532281b0fe.bin

  • Size

    19KB

  • Sample

    230608-bgh2faab57

  • MD5

    0eb18ccef491864125c6aef9a0b37486

  • SHA1

    b44c0d6b9e392e59513c6d34d62c8fca1b211640

  • SHA256

    522c136a5648148e12e1178ebae504cd81cb6e95e79d16f6a0ef77c051e57ddf

  • SHA512

    592e5a919001039a7701a488b5b7d28130f693e925efda13e48021fa9f4ff7dc0fb1ae836857f20d374c0107c7be2a12166b6924b2966ce6545afb0d3a88d440

  • SSDEEP

    384:Boj7+kH/5m9W55WlKBgsSgRSh5WLTFhBYEuhNCtHxznq9kGnDWz:Q7PHND1EhEFhbgyxz0Dg

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://efvsx.cf/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Megrendelés_(P.O_5029063)_FANUC.exe

    • Size

      37KB

    • MD5

      7c823274ec6a711a73c4c7df54d1d4cd

    • SHA1

      8c78efece5e8c83205df2b18390b3e53396bd237

    • SHA256

      b432b8aa06d6977b2f87eafa17634e0fded464c7a521e0120c393c4f4d084fc9

    • SHA512

      f6e14be4995d1f74ee9c18f2797035a99ddb95f62f3d1c9dd8b522da290e94e8a32f6a739ee4e930f2c9d3f93eb35cff33b44a8d8bd915b1d0fee14b19e8c475

    • SSDEEP

      768:bNyecx7gKng+pF0WeIUDNC6YGcoMcRC7n8Yila:b0ecx7g+70dIUpC6YFoFo78lla

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks