Overview

overview

10

Static

static

3

Request fo...er.exe

windows7-x64

10

Request fo...er.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Request for 500kg Fertilizer.exe

  • Size

    740KB

  • Sample

    231127-lbcmksff36

  • MD5

    710ad2395ca21effaf7ab104616f614b

  • SHA1

    d9eab088c84cd067c8e6df3d94467e278eb4a321

  • SHA256

    7e314352a5cf1461dff77e69cf34788bb884ebde3bcfe433dd92d20717f5102e

  • SHA512

    d9bb7e3d2152e31a214f93dbe2331dabf1ed30fd5a0d9404c4fc0d3af76a5aee59aa6597b7d615011095c6c63a6ca687cb891961e6bf0de4e09dba01deb21bb5

  • SSDEEP

    12288:lOm5EuPUpER9PDBlemPy/VzvHO4CEjza1R09efpL4G:lD5XUpE/PDBlxPsFuMzaAwfKG

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/b12/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Request for 500kg Fertilizer.exe

    • Size

      740KB

    • MD5

      710ad2395ca21effaf7ab104616f614b

    • SHA1

      d9eab088c84cd067c8e6df3d94467e278eb4a321

    • SHA256

      7e314352a5cf1461dff77e69cf34788bb884ebde3bcfe433dd92d20717f5102e

    • SHA512

      d9bb7e3d2152e31a214f93dbe2331dabf1ed30fd5a0d9404c4fc0d3af76a5aee59aa6597b7d615011095c6c63a6ca687cb891961e6bf0de4e09dba01deb21bb5

    • SSDEEP

      12288:lOm5EuPUpER9PDBlemPy/VzvHO4CEjza1R09efpL4G:lD5XUpE/PDBlxPsFuMzaAwfKG

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks