General

  • Target

    8b36e207c53c0e34fce64a468d9f617b.bin

  • Size

    869KB

  • Sample

    230903-bg2hsafh5s

  • MD5

    a9ed1f3fdd5ae93d196fbd6019efac29

  • SHA1

    779476af54d5dea0f44dbaa0dd1dad908c31933b

  • SHA256

    b31446c76893b58fde3b09cc27d6dcf030e92d35816b33bf5c8e7f3473493564

  • SHA512

    333c40388f30e25ee1399bc052bbe01f0273d87e5e00d0c45935d235ca0611a428e4b5b5224ace2bc399c9dfc3aeb3e48569f457364ded27dbd96e12344e0f5e

  • SSDEEP

    24576:e/1OY5YfXNh53EadAC1W4fW1qblHOYrhxNHAwwUGol:e/1O9XNv3EbmQMbIS87ol

Malware Config

Extracted

Family

lokibot

C2

http://backupleads24.sytes.net/jzdgfsh/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      ace4774810376e5dd8bf3131c3dad03ae2c7d1d95a2edea39de42fec95a1cb19.bin

    • Size

      1.0MB

    • MD5

      8b36e207c53c0e34fce64a468d9f617b

    • SHA1

      fdbc6d03a334dcee2886fc42bc9280d9f7b590fe

    • SHA256

      ace4774810376e5dd8bf3131c3dad03ae2c7d1d95a2edea39de42fec95a1cb19

    • SHA512

      474402a8b4ade0eb1a0e70a44dbe20136e71a0728257f7a9af2da7c78de3fcdca13d76d70cbd906fe456c118ea7a07a932577f56c277fd89a64d1d9ccf907e05

    • SSDEEP

      24576:wNA3R5drXmDG6/e+vv+YG28w0LCLt6Oo4KLzsKT9+hUxAPO/:p5UB/BsFR+h6O/KfsKTgm

    • Lokibot

      Lokibot is a password and cryptocoin wallet stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks