Overview

overview

10

Static

static

3

856d9678db...b4.exe

windows7-x64

10

856d9678db...b4.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    02a79386fdafb2aa8ec52c697de3dd8a.bin

  • Size

    596KB

  • Sample

    230612-bcmttsac93

  • MD5

    e5cd56791bf47c0ffac9db377595d1df

  • SHA1

    5785b82fb3a41ffb4aab6a2c8f2778e1a4e43427

  • SHA256

    4cdad867f0629d59f62226ec62e96461ecc75ea77ef59a4db7c5f6ea197de264

  • SHA512

    2a43949c952eb7cde81df8441a6b268901ae050134b262aa403b88838131c4c29720fefbce8f8282f78fc9e3338c24e3e48c5ea4ebcd2d8b5f67e524878bfbd8

  • SSDEEP

    12288:KitutVDgmes36nHtz0zmTpHFiuU1FV0afizZyqKST8q3EO0bZ:btaVUmes3KzokpHFlpdzcHST9AbZ

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://161.35.102.56/~nikol/?p=143606594

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      856d9678db405a6c131e80b60351819e8ec3ed19b043d170d19ca078f7723ab4.exe

    • Size

      660KB

    • MD5

      02a79386fdafb2aa8ec52c697de3dd8a

    • SHA1

      296589389728d2118d57df5cc5495743fb72531a

    • SHA256

      856d9678db405a6c131e80b60351819e8ec3ed19b043d170d19ca078f7723ab4

    • SHA512

      547b40fccdcd84cf2b715dcc9167c2307e8692c6d5599b04836036ed37f4912440086faad28ac9bd861e2b4814c19de47aa18eeed41d411550e8915a88907b85

    • SSDEEP

      12288:lXgPWR28Le0cY+Yg9fb9Zkkd7VVs+aU0lYskLMmz5ewuDlt/dqxkofbQfZrpHTiw:lXM+xL9Rk9TpNMYhLMu5XGboxkcbV

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks