Overview

overview

10

Static

static

3

gunzipped.exe

windows7-x64

10

gunzipped.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    gunzipped.exe

  • Size

    635KB

  • Sample

    230703-t39qdshb46

  • MD5

    e974007d1e228949073562999017f089

  • SHA1

    4991b1d4fac8d3be281576dc3311bab678160a2b

  • SHA256

    ef954e69e445fd7a4ef88db4ec43f0b9ab80985e2de23d1fc6dfe89a8dc88970

  • SHA512

    dfda0498eea466aa7ab6e6dccbec30d2041ac78d370105d21137312cef5f358d072f394e713f08b7adcbcccc42cb64fa849ac1bc263bd9498fbe58535fa8b48f

  • SSDEEP

    12288:rnwDKxommgwuLqFJVdrclSkcYXqTuvT5H8OEJzBpy+k:rnwDKxskaV8cYmEDany

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://138.68.56.139/?p=9198360515

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      gunzipped.exe

    • Size

      635KB

    • MD5

      e974007d1e228949073562999017f089

    • SHA1

      4991b1d4fac8d3be281576dc3311bab678160a2b

    • SHA256

      ef954e69e445fd7a4ef88db4ec43f0b9ab80985e2de23d1fc6dfe89a8dc88970

    • SHA512

      dfda0498eea466aa7ab6e6dccbec30d2041ac78d370105d21137312cef5f358d072f394e713f08b7adcbcccc42cb64fa849ac1bc263bd9498fbe58535fa8b48f

    • SSDEEP

      12288:rnwDKxommgwuLqFJVdrclSkcYXqTuvT5H8OEJzBpy+k:rnwDKxskaV8cYmEDany

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks