General

  • Target

    PI-EP 05919.zip

  • Size

    507KB

  • Sample

    230719-lztk1adb3t

  • MD5

    a30f255d2d8f3b25d33d4f670843e901

  • SHA1

    5bf558a9388604e7a2efc619d52f8219596322d2

  • SHA256

    faf6943211190f86e38fad307c55717e2502871e459a7b2ebbab03a577601885

  • SHA512

    1c3d5fcd256b9f2d9b07cd17849be653dda4593330b310a359bf13a0d2cefd06016ffe4bf56b4c9a55ecca8418a65ff633fcc69add6b98cd10e965e6c4fe8509

  • SSDEEP

    12288:ScU2gxvS2P3i3ua/Hjd+775PtoNAOnKM0YrA5Cv8vn8:ScUXZS2PGboHfoNADYVvg8

Malware Config

Extracted

Family

lokibot

C2

http://185.246.220.85/ugopounds/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      PI-EP 05919.exe

    • Size

      559KB

    • MD5

      103264e1af3afccc182abbb66ff64bb5

    • SHA1

      96765da528bc4bc406894dc020adafd080e04af0

    • SHA256

      95934ccfa95253459a4caa462ebcb4435c27ef7ce1d3a7aa4c8d6ddea9806938

    • SHA512

      87541ea2c33d08f75a33e1cc9c667b8eb64a5b4ada65b7490f53f60dba08e5606281093bf58d283bd48bdd55ae0cbecd40bb16dff9f3ad2ba6a5188213b8c68c

    • SSDEEP

      12288:tPYPfY7fpf88MbfL5wiE4UYLXb57GdWacRmg8D4jd:tPYPglfabz5wiMkGEpx

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers commonly harvest stored browser data, which can include saved credentials, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
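The file hashes and the extracted C2 list above are the indicators a responder would actually pivot on. The script below is an added example, not part of the sandbox's own tooling: it copies those indicators from the report, computes the same four digests for a file so they can be compared against the ones listed, and scans Squid native access.log lines for the C2 URLs. The log lines, client IPs and non-C2 hosts are constructed for the example. The weakest tier, a POST to any `*/fre.php` path, is an assumption drawn from the fact that all five C2 URLs in this config end in that gate script name; treat such hits as leads, not confirmed C2.

```python
"""Match the indicators from this LokiBot report against files and proxy logs.

Added example for this page, not the sandbox's own code. Indicators are copied
from the report above; the log lines below are constructed.
"""
import hashlib
from urllib.parse import urlsplit

# C2 URLs from the extracted malware config above.
C2_URLS = [
    "http://185.246.220.85/ugopounds/five/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]
C2_HOSTS = {urlsplit(u).hostname for u in C2_URLS}

# SHA-256 values from the report: the archive and the executable inside it.
KNOWN_SHA256 = {
    "faf6943211190f86e38fad307c55717e2502871e459a7b2ebbab03a577601885": "PI-EP 05919.zip",
    "95934ccfa95253459a4caa462ebcb4435c27ef7ce1d3a7aa4c8d6ddea9806938": "PI-EP 05919.exe",
}


def file_hashes(data: bytes) -> dict:
    """Compute the same four digests the report lists, for side-by-side comparison."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "sha512": hashlib.sha512(data).hexdigest(),
    }


def match_file(data: bytes):
    """Return the report's file name if the SHA-256 is one of the known samples, else None."""
    return KNOWN_SHA256.get(hashlib.sha256(data).hexdigest())


def classify_request(method: str, url: str):
    """Classify one proxied request against the C2 indicators.

    Tiers, strongest first:
      c2_url        exact URL from the extracted config
      c2_host       host from the config, any other path
      gate_pattern  POST to a */fre.php path on an unlisted host (assumption:
                    every C2 URL in this config uses that gate name, so this is
                    a lead worth a look, not a confirmed hit)
    """
    parts = urlsplit(url)
    if url in C2_URLS:
        return "c2_url"
    if parts.hostname in C2_HOSTS:
        return "c2_host"
    if method.upper() == "POST" and parts.path.endswith("/fre.php"):
        return "gate_pattern"
    return None


def scan_squid_log(text: str):
    """Scan Squid native access.log lines; return (client, url, tier) for each hit."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue  # blank or truncated line
        # Squid native format: time elapsed client code/status bytes method url ...
        client, method, url = fields[2], fields[5], fields[6]
        tier = classify_request(method, url)
        if tier:
            hits.append((client, url, tier))
    return hits


# Constructed Squid-style log lines; client IPs and non-C2 hosts are made up.
SAMPLE_LOG = """\
1689760001.123    215 10.0.0.15 TCP_MISS/200 412 POST http://alphastand.top/alien/fre.php - HIER_DIRECT/203.0.113.9 text/html
1689760002.456     88 10.0.0.15 TCP_MISS/200 1034 GET http://www.example.com/index.html - HIER_DIRECT/203.0.113.10 text/html
1689760003.789    190 10.0.0.22 TCP_MISS/404 310 POST http://185.246.220.85/ugopounds/five/fre.php - HIER_DIRECT/185.246.220.85 text/html
1689760004.012    120 10.0.0.31 TCP_MISS/200 500 GET http://kbfvzoboss.bid/alien/ - HIER_DIRECT/203.0.113.11 text/html
1689760005.345    140 10.0.0.40 TCP_MISS/200 480 POST http://panel.example.net/alien/fre.php - HIER_DIRECT/203.0.113.12 text/html
"""

if __name__ == "__main__":
    for client, url, tier in scan_squid_log(SAMPLE_LOG):
        print(f"{tier:13} {client:<10} {url}")
```

To compare a downloaded sample against the report, pass its bytes to `file_hashes` and check every digest, not only MD5: the report lists SHA-256 and SHA-512 precisely so that weaker hashes need not be trusted alone. Note that the archive and the executable inside it have different hashes; match whichever one you actually hold.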

MITRE ATT&CK Enterprise v6

Tasks
