General

  • Target

    MV TRANS-ASIA I.xls

  • Size

    1.4MB

  • Sample

    230717-f41l8aba6y

  • MD5

    0c13eceb36bdde5263a3e2ecc3339407

  • SHA1

    19d9f3512d1d0e0ec66fe8fec4efd149f4287e1f

  • SHA256

    fffb8dde88ae23cc6c9b00e3692bfe33242ebfde732dc0b0f4a445b729985fc5

  • SHA512

    e80548f69aca18ff637171e013f39c418813cf6e73de0d81a7b0fda0a2ef4b94cf4355d89ce0fd89911237d05cbff26dc408d233b462908f42aa0ac7515542c0

  • SSDEEP

    24576:UIu9VNZylw6VVOZyNw6VleHBlEzp7usR0bgcwyA52hcP5YwVux:UIuPR6VVYp6V8hOzkgjy+P5Yj

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/mous/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php
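
The hashes under General and the five C2 URLs above are the actionable indicators on this page. The following script is an added example, not part of the sandbox report: it embeds those indicators, hashes a file with all four listed algorithms to confirm whether it is this sample, and scans proxy-style log lines for the C2 URLs. It matches at three strengths: the exact URL, any request to a listed C2 host, and, as a weaker heuristic drawn from the fact that all five URLs on this page end in `/fre.php`, any request to that path on an unlisted host. The log lines and their format (timestamp, client, method, URL, status) are constructed for the example.

```python
"""IOC matcher for the LokiBot sample described on this page (added example).

Indicators are taken verbatim from the report; everything else (log format,
sample log lines, function names) is constructed for illustration.
"""
import hashlib
import re
from urllib.parse import urlsplit

# File hashes of "MV TRANS-ASIA I.xls" as listed in the report.
SAMPLE_HASHES = {
    "md5": "0c13eceb36bdde5263a3e2ecc3339407",
    "sha1": "19d9f3512d1d0e0ec66fe8fec4efd149f4287e1f",
    "sha256": "fffb8dde88ae23cc6c9b00e3692bfe33242ebfde732dc0b0f4a445b729985fc5",
    "sha512": "e80548f69aca18ff637171e013f39c418813cf6e73de0d81a7b0fda0a2ef4b94"
              "cf4355d89ce0fd89911237d05cbff26dc408d233b462908f42aa0ac7515542c0",
}

# C2 URLs extracted from the sample's configuration, as listed in the report.
C2_URLS = [
    "http://171.22.30.147/mous/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]


def normalize_url(url: str) -> str:
    """Reduce a URL to scheme://host/path so query strings and ports don't defeat matching."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.hostname}{parts.path}"


C2_NORMALIZED = {normalize_url(u) for u in C2_URLS}
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}


def hash_bytes(data: bytes) -> dict:
    """Compute the same four digests the report lists, keyed by algorithm name."""
    return {algo: hashlib.new(algo, data).hexdigest() for algo in SAMPLE_HASHES}


def matches_sample(data: bytes) -> bool:
    """True if any digest of `data` equals the corresponding digest of the sample."""
    digests = hash_bytes(data)
    return any(digests[algo] == SAMPLE_HASHES[algo] for algo in SAMPLE_HASHES)


def classify_url(url: str):
    """Return the strongest indicator match for a requested URL, or None.

    c2_url        exact C2 URL from the report (strongest)
    c2_host       different path on a listed C2 host
    fre_php_path  heuristic: '/fre.php' endpoint shared by all five C2 URLs,
                  seen on a host the report does not list (needs triage)
    """
    parts = urlsplit(url)
    if parts.hostname is None:
        return None
    if normalize_url(url) in C2_NORMALIZED:
        return "c2_url"
    if parts.hostname in C2_HOSTS:
        return "c2_host"
    if parts.path.endswith("/fre.php"):
        return "fre_php_path"
    return None


# Constructed log format: <timestamp> <client-ip> <method> <url> <status>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\S+) (?P<method>[A-Z]+) (?P<url>\S+) (?P<status>\d{3})$"
)

# Constructed sample log lines (not from the report).
SAMPLE_LOG = [
    "2023-07-17T10:02:11Z 10.0.0.5 POST http://alphastand.top/alien/fre.php 200",
    "2023-07-17T10:02:12Z 10.0.0.5 GET http://kbfvzoboss.bid/other/path.php 404",
    "2023-07-17T10:02:13Z 10.0.0.6 POST http://203.0.113.9/panel/fre.php 200",
    "2023-07-17T10:02:14Z 10.0.0.7 GET http://www.example.com/index.html 200",
]


def scan_log(lines):
    """Return (client, url, verdict) for every line whose URL matches an indicator."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        verdict = classify_url(m["url"])
        if verdict:
            hits.append((m["client"], m["url"], verdict))
    return hits


if __name__ == "__main__":
    for client, url, verdict in scan_log(SAMPLE_LOG):
        print(f"{verdict:13} {client:10} {url}")
```

Run against real proxy logs, the `fre_php_path` verdict is the one to treat with care: it will surface LokiBot panels the report does not list, but also any unrelated server that happens to expose a file of that name, so confirm it against the requesting host's process activity before blocking.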

Targets

    • Target

      MV TRANS-ASIA I.xls

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, which can include saved credentials and other sensitive profile contents.

    • Accesses Microsoft Outlook profiles
