Overview

overview

10

Static

static

3

FedEx Ship...17.exe

windows7-x64

10

FedEx Ship...17.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    FedEx Shipment DOC_ 71341373717.exe

  • Size

    567KB

  • Sample

    230713-jg48nsgf81

  • MD5

    186c45e39196c988dfbcdc2ec33636f1

  • SHA1

    31b50e600504e8737ed47cecd50eca017b961f33

  • SHA256

    87315498a98e525f805959cc316405bb4f937ee28b087c68838033ecd3cd0dd5

  • SHA512

    95cf10df82c799b5f0b9e1acbcf1dc85d141062c9b72463c5077d5c8eaab208f43e4147cec5f6a87d0848245b5ade4e4b5ed1fdd4c1a04eb6424a93894fcb125

  • SSDEEP

    12288:OBqD3ZxjJE8ERFtwuJCKVu5qvhSw/6z9Y6vwdQzWyocs2qL:OoLZxj6XFtVekhF/Ipvs2q

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://138.68.56.139/?p=628638060796

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      FedEx Shipment DOC_ 71341373717.exe

    • Size

      567KB

    • MD5

      186c45e39196c988dfbcdc2ec33636f1

    • SHA1

      31b50e600504e8737ed47cecd50eca017b961f33

    • SHA256

      87315498a98e525f805959cc316405bb4f937ee28b087c68838033ecd3cd0dd5

    • SHA512

      95cf10df82c799b5f0b9e1acbcf1dc85d141062c9b72463c5077d5c8eaab208f43e4147cec5f6a87d0848245b5ade4e4b5ed1fdd4c1a04eb6424a93894fcb125

    • SSDEEP

      12288:OBqD3ZxjJE8ERFtwuJCKVu5qvhSw/6z9Y6vwdQzWyocs2qL:OoLZxj6XFtVekhF/Ipvs2q

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks