General

  • Target

    20230817130403895.zip

  • Size

    167KB

  • Sample

    230818-k9rnqagf63

  • MD5

    24c10105dcc3465f44a87e3ce4269cfc

  • SHA1

    5e6a888dce892b4fde17f6d11a5be13d01885b3e

  • SHA256

    07c6cece00063dffc6931c07243d4ca7a9954b021c5d3834935e2e3a4038fdee

  • SHA512

    d02a82543e79196a5f15f84786ac155cb3fa322f716027b374865cadfbe1b1b45411a16f0af8eca569e77c10c7afd9ea84e0c1f33cfe1cb22214e4b21d3f2529

  • SSDEEP

    3072:vpOz8IaL7aucc9W09k7P3WPe3msnBBHhRsl2AuV6IM+pSMymcvfCj59cefbKV7:vpU8PLXcc9wDGPyBU2lvM+Mv1iNGem9

Malware Config

Extracted

Family

lokibot

C2

http://79.110.48.215/thirdugo/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      20230817130403895.exe

    • Size

      182KB

    • MD5

      0515f1f5dfdbf277e00318ae9b91bf63

    • SHA1

      e4c67298fe5c81b2f2ceda505ce96d63ef8a86d0

    • SHA256

      ba0ab61c41f2cffc1fac6424b3eb60a11670a8b828eceae7713379291a450e30

    • SHA512

      387fff5283d01f100fc6995b7bcea0b9557d217241fc1a1f84b6efb718e7eea2ddc6588d1e2773181951dcc67a3d7a36d8c7c253b3453d872d5294da43f736b2

    • SSDEEP

      3072:3fY/TU9fE9PEtuEbuD79W09krP3WPejmsnB3HhRsl2AuH6+M+pSMymcvFCj59cmW:vYa6guD79wzGPwBy23TM+Mv1INGmmH

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15