General

  • Target

    752338275fde9b39c2db5277f98bbb5a0c8d2ae7dcfac3440fd39eb490916664

  • Size

    137KB

  • Sample

    230821-gt28qsbc66

  • MD5

    b26c996be87a2f97508ade93c134900e

  • SHA1

    a8bc1a33d50fa774cc2da41af47a8acf937101df

  • SHA256

    752338275fde9b39c2db5277f98bbb5a0c8d2ae7dcfac3440fd39eb490916664

  • SHA512

    6378492b1e28e2e960d5283c128ab2818569d0c3aafffc32d53610e1b8fe86a5b4d4bf53bd1772c11d45be65bbd2f23116b2fe4a736844e6b80e88ab40f9c74e

  • SSDEEP

    3072:R3hHry3rcmtN8E9xXtVaKJBN2cUfybhyBm2Sw0U1BCIg1bUI:PLybcmAQxdVaKXyfSoWiBCb

Malware Config

Extracted

Family

lokibot

C2

http://194.55.224.9/fresh1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      SONG HONG ORDER MSH210823.pdf.exe

    • Size

      257KB

    • MD5

      22bc409a1262d97b5f1cb8e85bccd6a8

    • SHA1

      74cd5bf15abfb69eb4f823107726841866e581d1

    • SHA256

      41806b559cc3d4245a5e2caac6f1fcc88684f6a4efe33c0d7665e137f2864c96

    • SHA512

      b216041c2350537bd7f4640fd2e7898e05a750dc29f9fd8962db68c6c58e9c5a237b2b82303f6b18fb1da4b87ffc54788c4731f6729392618931efb1827982a5

    • SSDEEP

      3072:ggfE2iXsetoLlYt5lVNCsyvitbFIgtQW8zOMmYqI4EmirgWSw0U175D0Ri:p8shly5lVMPvitb+W8zOMR0S6iVD

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.
