Overview

overview

10

Static

static

3

20230927_B...91.exe

windows7-x64

10

20230927_B...91.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    20230927_BAOC_32xxxxx8_2591.rar

  • Size

    468KB

  • Sample

    231011-nkfrpsbg8z

  • MD5

    207858aabe1954c1873a13bc20535b12

  • SHA1

    070dcf43c5551ea9fe4394e998da2fcb54244fea

  • SHA256

    63fdc5115739cc20f4ef0bfc31721658bbec652940709cbc8bbb698056e0dbc0

  • SHA512

    c419b977489b403149942cba75bb4fbbd0e35450ef0194796b9a63d8731ceb5a386bea1ec35d4c7e201985d3a08497bd98306347f371ad3b5a678452cf4b7640

  • SSDEEP

    12288:6kLEgGOz56QYpO4W9K110ZeCsv3n3T2qVKOOc/mfaTj:J6OzxM143svX3TlGiTj

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://45.77.76.224/~clinics/8K32GLwm2PLH6uzEVro14x4w8r

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      20230927_BAOC_32xxxxx8_2591.exe

    • Size

      544KB

    • MD5

      718e158f14dce5d1f0e0c5c4a5ba39ad

    • SHA1

      3d3092e0526f343b4345eb08d93685a3bffb0622

    • SHA256

      638619c26cc20f590052a8dac6eabcc3b0dd6dcdd7f48832a36a1b0d983ae77f

    • SHA512

      c1b5cea0767190fd29ab985baf5dd9d030559db1d45eefa73346ebce3e92dfc2deea68034b234a9e0db9d71a1c810786f62746ed1fc9b54975af58e8502f7683

    • SSDEEP

      12288:PIeyiRJU/Wcck+ID9Myy2vMrpOam4uKRYvD6S7E:QFFe1k+NyyHrpOa0KRQ6Sg

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks