General

  • Target

    ef04082c069f32ce5fa922430ad8b921b6433da86ba528a23b10b95817f40b3a.zip

  • Size

    699KB

  • Sample

    231119-2bd4eacc37

  • MD5

    95a284657c5fb957fd5d734b94503753

  • SHA1

    caca762dc406361b5ec06062c62119b5709c5096

  • SHA256

    3dcfd1289b2da8ad0f82738821b35fd065281cf225124df3a64d3103e723fab7

  • SHA512

    d0b24869283a782cc1fb10394c446359f88132377df6b9e3954a469801900f551d2177c0d0927f50f95049c4ee64c0236282667d75d9f404b96c8ca8d731f25a

  • SSDEEP

    12288:zKyA22Q/FjOjhTy+MnoJrNoTHh8QRFlpPK3NFzleVl8tkOB+Dd4Gf24U:Wp2tNjITdlEyQLS3NF5eVl2XBKSGf2N

Malware Config

  • Extracted

    Family: lokibot

  • C2

    https://miners-gold.com/deddd/lokinew/fre.php

    http://kbfvzoboss.bid/alien/fre.php

    http://alphastand.trade/alien/fre.php

    http://alphastand.win/alien/fre.php

    http://alphastand.top/alien/fre.php

Targets

    • Target

      ef04082c069f32ce5fa922430ad8b921b6433da86ba528a23b10b95817f40b3a.exe

    • Size

      796KB

    • MD5

      0abd28c923a124abeeade43e31aace8c

    • SHA1

      05fbfd47996af96e33019ca766c3b32550391df0

    • SHA256

      ef04082c069f32ce5fa922430ad8b921b6433da86ba528a23b10b95817f40b3a

    • SHA512

      86908f5622e8b5245c314e22d8c54b2857cd523e7062d89c7008fd2bfa8e504be986ecf761a2382df4d02ed9bb9f4085319f853a30b10fa6534c0da930237bd3

    • SSDEEP

      12288:6i6b8YQv+yg7KSBWEhyi6EGq0wQEWiTJI8oeXnwdoTvbMHwFd9Q0EKExEJ:Ob0mygOS0EhyyGYJbX4+QQFEcJ

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely used as a geofence.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15