General

  • Target: PO092100192023xls_JC.unknown
  • Size: 1.2MB
  • Sample: 231005-wkztksff36
  • MD5: 93d7401a45b5695eebacb757a4bc68f2
  • SHA1: 050e7f299b7e2327be0b3a2d6c09a1fe319763cd
  • SHA256: fa2fc48f4d1662b5e5173965a80eed264d66ed5c22ce8ce56c536082073908ef
  • SHA512: 0c94972b23790fa18582290a8e19c51daf474c9e022e9520fae8d01479ac8947322f86968bb73a8e142a6b6248ae73c481483536b50e5da0fe74a7229fa2be1c
  • SSDEEP: 24576:2WQmmav30x6Zy7w6VZ71A+IZyfw6VWBBAT5NsbWUwHFpk2DM/yfhw5x:rQmmQ30qf6VsL6VGWTHY9/ypy

Malware Config

Extracted

  • Family: lokibot
  • C2:
      https://sempersim.su/a12/fre.php
      http://kbfvzoboss.bid/alien/fre.php
      http://alphastand.trade/alien/fre.php
      http://alphastand.win/alien/fre.php
      http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks