Overview

overview

10

Static

static

3

gunzipped.exe

windows7-x64

10

gunzipped.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    gunzipped.exe

  • Size

    521KB

  • Sample

    230828-klez1sbc8y

  • MD5

    a46d2dd3464c15661f91e8886370c035

  • SHA1

    96ee93b26eb3487818608ad9b3a8051cf2149a6b

  • SHA256

    1492021db4c18a2d5fc38f9e35b45183010f6676d73b3565dea1ab8dc13ee3b0

  • SHA512

    a10c1efb4861c63fa75cb546376320875e226e7cd60029862dda6649977ff4855d6e33c916ab002e28ea941de465209d742f4ac8acc0c8026380cbbf3d7545af

  • SSDEEP

    12288:GcWJp09fq2BLmrYz4PphY37ToJpGOTkBstRQ8IuI0qGh:GcF9fkrYEY371qkWtRQ8rI0qG

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://216.128.145.196/~wellseconds/?p=007634106655

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      gunzipped.exe

    • Size

      521KB

    • MD5

      a46d2dd3464c15661f91e8886370c035

    • SHA1

      96ee93b26eb3487818608ad9b3a8051cf2149a6b

    • SHA256

      1492021db4c18a2d5fc38f9e35b45183010f6676d73b3565dea1ab8dc13ee3b0

    • SHA512

      a10c1efb4861c63fa75cb546376320875e226e7cd60029862dda6649977ff4855d6e33c916ab002e28ea941de465209d742f4ac8acc0c8026380cbbf3d7545af

    • SSDEEP

      12288:GcWJp09fq2BLmrYz4PphY37ToJpGOTkBstRQ8IuI0qGh:GcF9fkrYEY371qkWtRQ8rI0qG

    Score
    10/10
    lokibotspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks