Overview

overview

10

Static

static

3

FRH-G-MR-2...cx.exe

windows7-x64

10

FRH-G-MR-2...cx.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    FRH-G-MR-23-V-0375-docx.exe

  • Size

    528KB

  • Sample

    230828-fssggaaa7x

  • MD5

    ea368e5394db4f89769bc09aba0f26d8

  • SHA1

    c9ce657c80643c480edc785183ca171b73920112

  • SHA256

    bf6e98c839e903874bf78b089e4936b4294747664464be6be434dbb54ef85c08

  • SHA512

    ff8465f8de6d72ff6b657ec8fc57b70cb9762bd700ac96f63d0454813ededa96b09dfc4405a5dd4326513d9533c10efd151951b903ab541060def99ac848d097

  • SSDEEP

    12288:nXWJp097DNnFV5kh4pmv06KygE3f5UAu6KTiEJ:XF9fNnK4EvPtRUAui

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://163.123.143.202/_errorpages/size/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      FRH-G-MR-23-V-0375-docx.exe

    • Size

      528KB

    • MD5

      ea368e5394db4f89769bc09aba0f26d8

    • SHA1

      c9ce657c80643c480edc785183ca171b73920112

    • SHA256

      bf6e98c839e903874bf78b089e4936b4294747664464be6be434dbb54ef85c08

    • SHA512

      ff8465f8de6d72ff6b657ec8fc57b70cb9762bd700ac96f63d0454813ededa96b09dfc4405a5dd4326513d9533c10efd151951b903ab541060def99ac848d097

    • SSDEEP

      12288:nXWJp097DNnFV5kh4pmv06KygE3f5UAu6KTiEJ:XF9fNnK4EvPtRUAui

    Score
    10/10
    lokibotspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks