General

  • Target

    E-statement.PDF.gz

  • Size

    420KB

  • Sample

    230705-vm8zlaed92

  • MD5

    e60ec699d6565ec02de2ee1947a0d989

  • SHA1

    3b589054015317d8311a2029b3e578ba23977a60

  • SHA256

    da38394125f1bda65c0dc7c7e31822aac279b1935953d25582b794367e6d6fc3

  • SHA512

    606980182356c7636b2d6007bc87ee850c3a34ed6a1a08195a1c5b8355eaa9fa60831e134ff50b13e4e185a3361548931acbcd99d00ac4d51c0e7df7abaa3d21

  • SSDEEP

    12288:rY7qHz3Zu662qMgAI5quCbq5QRqnsTFh/Xo2OFeN:r5zZgqgTmbqKgnQb/o2UeN

Malware Config

Extracted

  • Family

    lokibot

  • C2

    http://138.68.56.139/?p=9198360515

    http://kbfvzoboss.bid/alien/fre.php

    http://alphastand.trade/alien/fre.php

    http://alphastand.win/alien/fre.php

    http://alphastand.top/alien/fre.php

Targets

    • Target

      l782A3e9OsE8Djz.exe

    • Size

      530KB

    • MD5

      b0f46371154a8b925b6d5d4dc87163c2

    • SHA1

      66f801df9154c6b1c79015a451a513d5a5669aab

    • SHA256

      b0de8a9389022bc6f2ea96463883bc55724ee041f21ce3e7ec05107e68234232

    • SHA512

      40bcbfce6fd0e48b8abe6acbd07e413e72228b3bfd46a63c01167b5b28a1585ab27714010c542f485a1c5f7f028b75f81f7723ab04ae783b13f51b911b702ae8

    • SSDEEP

      12288:WC333uqqeNhAIVupAlUd25QdqnsrD8KIz:dn38eTXu6ed2KUnGDxIz

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar sensitive data.

    • Accesses Microsoft Outlook profiles

    • Drops file in System32 directory

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks