Overview

overview

10

Static

static

3

25f9c6802d...b4.exe

windows7-x64

10

25f9c6802d...b4.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    383d288ea4bf2dd4f9363d8990b1c348.bin

  • Size

    459KB

  • Sample

    231101-bln39aae37

  • MD5

    ce08bc3a12a85365b3c539f7e809812b

  • SHA1

    a17297e5b91ff39d55dd9ab9ee7956e14eb4d7a9

  • SHA256

    76163915722defb969b21e3a9c6e5abc6b00cf49fb29a2c015d8bc6aa1d00644

  • SHA512

    bb4cc1c11fc19ed577035b47b5eb502200f4510a817d4e57c57cadcc808d02036223bfe4a550588dfc86ecee3ea671171bf0337e67ac0398da6384c00a2139c0

  • SSDEEP

    12288:8aQXEKok6l8ivkd+stYWtmjmY1OeKStJ0:sXExkMv+BtQjwe9t6

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/a16/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      25f9c6802d033da45292618209f2ff7ca03c3207f1705e102e69f698584906b4.exe

    • Size

      912KB

    • MD5

      383d288ea4bf2dd4f9363d8990b1c348

    • SHA1

      53e6d1699c1b525d16bd29b2763f01b8e5fbe6f1

    • SHA256

      25f9c6802d033da45292618209f2ff7ca03c3207f1705e102e69f698584906b4

    • SHA512

      c874086eb319d62480423f16bc335bdd2618795567c25b06feec9642d733e252456580c884542e818052ad37b6d349e115f8a127422c4e57944dde3ea5a8c6bd

    • SSDEEP

      12288:VJbylGp7515CtZXEiQq5cFH5b205sFpp:VJw67515CtbFcFVRsF

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks