Overview

overview

10

Static

static

3

rAWB1164667916.exe

windows7-x64

10

rAWB1164667916.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    rAWB1164667916.exe

  • Size

    581KB

  • Sample

    230706-pjp5esag85

  • MD5

    fa681a6ce6ddd34f6c571a38fb52e867

  • SHA1

    6ad073d0b36536bd38b976a13bc9479e1febddc0

  • SHA256

    4f0c6b86c73e464ccd681c2de2a1bd2d0aedb75625afabc632dddf32c0f243b8

  • SHA512

    dd67578a174c322aa0f054c339249cea383433f442c12a001503726ff510c938769b64fd2441bc8e6f34116ea937af0b0455a41361b42f4db3ad7318c8820ccf

  • SSDEEP

    12288:wpC6DCkc1oOJJbOGXzPAsHPWB8BpPPNkkEZGD22fPs0NJEG:g6VOGDAsHPNBpPPNkkMGDTns0z

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://138.68.56.139/?p=229442047

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      rAWB1164667916.exe

    • Size

      581KB

    • MD5

      fa681a6ce6ddd34f6c571a38fb52e867

    • SHA1

      6ad073d0b36536bd38b976a13bc9479e1febddc0

    • SHA256

      4f0c6b86c73e464ccd681c2de2a1bd2d0aedb75625afabc632dddf32c0f243b8

    • SHA512

      dd67578a174c322aa0f054c339249cea383433f442c12a001503726ff510c938769b64fd2441bc8e6f34116ea937af0b0455a41361b42f4db3ad7318c8820ccf

    • SSDEEP

      12288:wpC6DCkc1oOJJbOGXzPAsHPWB8BpPPNkkEZGD22fPs0NJEG:g6VOGDAsHPNBpPPNkkMGDTns0z

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks