General

  • Target

    254247d0373f153324f4c85a981d28c50c63caf183d86f4ebc8745ca65f36a70

  • Size

    477KB

  • Sample

    231114-l6xk8sbc31

  • MD5

    8e1da81ff4db03aef96c72e0a9b7f59c

  • SHA1

    f6f902dc61a5d80fec00778ccf9b61c75044725d

  • SHA256

    254247d0373f153324f4c85a981d28c50c63caf183d86f4ebc8745ca65f36a70

  • SHA512

    3743db6bcf5b2550d17089f7340bfb3500d9670405f6687d34d8e908bb926c0eb216d7a7eab68eda3847de656e68babab8ddd2624b35afb20ce3e14361527c1e

  • SSDEEP

    12288:81412aK43NCO5tJlaD6Op4JRHiyxzJT5UibO7X3lM7YQis96VEnk57:6412aKuXJaD6O+xz9aJrm7YQrnO7

Malware Config

Extracted

Family

lokibot

C2

http://305.ebnsina.top/_errorpages/305/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      rev 876-13299193 HAWB - MAWB.exe

    • Size

      564KB

    • MD5

      51f29262c7709e7691b063f7b714d794

    • SHA1

      7f7d04e0be1cc4afa7f66f7ab05f5b0a1c03ab1c

    • SHA256

      b63a70ad6b79d25bd29b80af9a18661b86d78ed2b839bb62484d0a42ea9e1608

    • SHA512

      d0f4049384f3bfff69f0323e47b6e68959a3aa09c146e020dd52d63e1fa5b8a9b7ae5677e3a54f3322a1b77b651e1b9738439df8e8a52313b0175993a5d75a15

    • SSDEEP

      12288:G3zLlfSc7QPtJlaD0FRViJtH8yhzt1u+NYxtp5NxSpFSK3:0hq0UJaD0FRShz/DNYxvBSLS

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other secrets.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks