Overview

overview

10

Static

static

3

9c72d48f38...8f.exe

windows7-x64

10

9c72d48f38...8f.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    9c72d48f384e384c0e3b159f4039298f.exe

  • Size

    297KB

  • Sample

    230719-hqxphsgd36

  • MD5

    9c72d48f384e384c0e3b159f4039298f

  • SHA1

    469a13477837c1f48bb7a2e1b9f08710145209a8

  • SHA256

    534a33086797b472985eabb41713da176538a199d2bc421d3b49eeec88fbedd8

  • SHA512

    e316338c08f9ed186c3d86043b83b6931b855ea53357ea5fef3bb4e5cf3bb8fdf2fec01a384169e216acd59782dbd6faf5c02d06ce97827036f333a48c22ad12

  • SSDEEP

    3072:GdfGpGbErLo10x6Qzeqa5lFMVqqmaOEFA+Ap4qsgW05ytrZCos:UGRLo+x6YIKnYEirsgW7e

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/mous/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      9c72d48f384e384c0e3b159f4039298f.exe

    • Size

      297KB

    • MD5

      9c72d48f384e384c0e3b159f4039298f

    • SHA1

      469a13477837c1f48bb7a2e1b9f08710145209a8

    • SHA256

      534a33086797b472985eabb41713da176538a199d2bc421d3b49eeec88fbedd8

    • SHA512

      e316338c08f9ed186c3d86043b83b6931b855ea53357ea5fef3bb4e5cf3bb8fdf2fec01a384169e216acd59782dbd6faf5c02d06ce97827036f333a48c22ad12

    • SSDEEP

      3072:GdfGpGbErLo10x6Qzeqa5lFMVqqmaOEFA+Ap4qsgW05ytrZCos:UGRLo+x6YIKnYEirsgW7e

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks