Overview

overview

10

Static

static

3

0744eccf5d...06.exe

windows7-x64

10

0744eccf5d...06.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    0744eccf5d93cf89589d70ea7a164506

  • Size

    661KB

  • Sample

    230611-2pfjdsab95

  • MD5

    0744eccf5d93cf89589d70ea7a164506

  • SHA1

    0aa8c63b584f83ddd58b490915a60bf085c67528

  • SHA256

    b0fd06eb989e91464f06adbe44109286942dd3fff9b8a20b627a4e2294e25e42

  • SHA512

    f29756a0cdd1e690845e37aecb2ebb94a49e7ab21074f081c3516bcd598a81ddeeb5eb07d429e824540e94292ca1c7a5c25513e0d55250e75df29bd378f2dd9b

  • SSDEEP

    12288:VxPWR28Le0cY+Yg9fb9Ton+K6euQMhCfh4ooWWl3XrEnk:V1+xL9Rk9en+Kzu7AZ4oilQk

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://161.35.102.56/~nikol/?p=882166721559

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      0744eccf5d93cf89589d70ea7a164506

    • Size

      661KB

    • MD5

      0744eccf5d93cf89589d70ea7a164506

    • SHA1

      0aa8c63b584f83ddd58b490915a60bf085c67528

    • SHA256

      b0fd06eb989e91464f06adbe44109286942dd3fff9b8a20b627a4e2294e25e42

    • SHA512

      f29756a0cdd1e690845e37aecb2ebb94a49e7ab21074f081c3516bcd598a81ddeeb5eb07d429e824540e94292ca1c7a5c25513e0d55250e75df29bd378f2dd9b

    • SSDEEP

      12288:VxPWR28Le0cY+Yg9fb9Ton+K6euQMhCfh4ooWWl3XrEnk:V1+xL9Rk9en+Kzu7AZ4oilQk

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks