Overview

overview

10

Static

static

3

tmp.exe

windows7-x64

10

tmp.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    tmp

  • Size

    266KB

  • Sample

    230920-gv9n7sge49

  • MD5

    ec1b1e9118b85599e702620abf7e9301

  • SHA1

    c0329c13b794364e46b2789d0237bb79bed5b95f

  • SHA256

    f8e17678a05033140083776cde158aecc2126bb3d0ca09fed9c2cb413cc7b002

  • SHA512

    c33def45321aaa2675cb09d899a7b46e2d19f6cc48b81cc170180bd1413986e31bf870f9c69e15b59dd5ed1e67aac42a3a301e3b4c20263ec232a61e2a208b9c

  • SSDEEP

    3072:+EXJxr5PgrVGlr+t3m2bvTf03jHbGIdo1gggBWNNrEdcmvwusCP:LjrmrElr+pZbvTej7G71fOWNpEZwus

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://mous.midlandpaper.icu/_errorpages/mous/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      tmp

    • Size

      266KB

    • MD5

      ec1b1e9118b85599e702620abf7e9301

    • SHA1

      c0329c13b794364e46b2789d0237bb79bed5b95f

    • SHA256

      f8e17678a05033140083776cde158aecc2126bb3d0ca09fed9c2cb413cc7b002

    • SHA512

      c33def45321aaa2675cb09d899a7b46e2d19f6cc48b81cc170180bd1413986e31bf870f9c69e15b59dd5ed1e67aac42a3a301e3b4c20263ec232a61e2a208b9c

    • SSDEEP

      3072:+EXJxr5PgrVGlr+t3m2bvTf03jHbGIdo1gggBWNNrEdcmvwusCP:LjrmrElr+pZbvTej7G71fOWNpEZwus

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks