Overview

overview

10

Static

static

3

NewOrder.exe

windows7-x64

10

NewOrder.exe

windows10-2004-x64

10

Sharing

Copy URL Twitter E-mail

General

  • Target

    NewOrder.exe

  • Size

    520KB

  • Sample

    231118-a7t1ysgb74

  • MD5

    2d994480387724a064d58c269c2d7e98

  • SHA1

    d1a0d548d45ace02cfcd62fd23d7f58baccd3e02

  • SHA256

    3ef927e1d26d267049526245320f5efa1881deca6414935cb476b2f73b8e9268

  • SHA512

    ada6c8cb3934851e6d5918dc5d1c58a99dbfdda4cefcfbea5a0c5a70d38b711bb2968f27f22a215d2f83f8625c431ac4ab85f4717e38112f736dae9cc4ee81c1

  • SSDEEP

    12288:x++6JC7ST58+PfHuwg0FctDMlo9FqctyBM:MpJCYeV0qtDMwHty

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://www.swiftguaranteedb.com/dftyh/lokinew/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      NewOrder.exe

    • Size

      520KB

    • MD5

      2d994480387724a064d58c269c2d7e98

    • SHA1

      d1a0d548d45ace02cfcd62fd23d7f58baccd3e02

    • SHA256

      3ef927e1d26d267049526245320f5efa1881deca6414935cb476b2f73b8e9268

    • SHA512

      ada6c8cb3934851e6d5918dc5d1c58a99dbfdda4cefcfbea5a0c5a70d38b711bb2968f27f22a215d2f83f8625c431ac4ab85f4717e38112f736dae9cc4ee81c1

    • SSDEEP

      12288:x++6JC7ST58+PfHuwg0FctDMlo9FqctyBM:MpJCYeV0qtDMwHty

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks