General

  • Target

    B13 13.doc

  • Size

    117KB

  • Sample

    231224-jwypfadfa6

  • MD5

    d780f729b768267d7b9e13077f409ac6

  • SHA1

    fb1d48ae8c1c4f847b9e18ee36973bcfd4a30cab

  • SHA256

    b73e179ef77fd186e1a1e4228fff4fda9565ef868e5ef0be35d56d06155dc7b3

  • SHA512

    86d394a78d556b26f4e8de26f478aefe36e6eb15c74769d462359a521f8035e6d691a64d6860aca355665d39c9d6f345a05b6861b5fa22d7fa90399878c8abc8

  • SSDEEP

    1536:OwAlRkwAlR/yL02d3nmMBTAEe5gQ8Vcml:OwAlawAlhy/dXB+Ee5T8Vxl

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/b13/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Only the first URL is specific to this campaign. The four /alien/fre.php endpoints on kbfvzoboss.bid and alphastand.* are the default URLs hard-coded in the widely circulated cracked Lokibot builder and appear in practically every extracted Lokibot config, so treat them as family indicators rather than as this operator's infrastructure when pivoting or blocking.
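Turning the extracted config into something a network team can run is the usual next step. The script below is an added example and not part of the Triage report: it builds host indicators from the five C2 URLs above, tags the builder-default hosts as low confidence and the campaign-specific host as high confidence, and scans Squid-style proxy log lines. The log lines, source IPs and the placeholder-host list are constructed for the example.

```python
"""Build network indicators from the Lokibot C2 URLs extracted by the
sandbox and run them over proxy-log lines.

Added example, not part of the Triage report. The log lines are
constructed, and the split into operator-specific versus placeholder
C2 hosts is the analyst's own classification."""
import re
from urllib.parse import urlparse

# C2 URLs exactly as extracted from the sample by the sandbox.
EXTRACTED_C2 = [
    "https://sempersim.su/b13/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

# Hosts hard-coded in the cracked Lokibot builder; they appear in nearly
# every extracted config. A hit still confirms Lokibot ran, but it does
# not identify this campaign, so they are tagged low confidence.
PLACEHOLDER_HOSTS = {
    "kbfvzoboss.bid", "alphastand.trade", "alphastand.win", "alphastand.top",
}


def build_indicators(urls):
    """Map host -> (confidence, C2 path) for each extracted URL."""
    indicators = {}
    for url in urls:
        parsed = urlparse(url)
        confidence = "low" if parsed.hostname in PLACEHOLDER_HOSTS else "high"
        indicators[parsed.hostname] = (confidence, parsed.path)
    return indicators


# Squid access.log lines, constructed for this example (RFC 5737 addresses).
SAMPLE_LOG = """\
1703414400.101    312 10.0.0.25 TCP_MISS/200 1450 POST http://sempersim.su/b13/fre.php - HIER_DIRECT/203.0.113.10 text/html
1703414401.220     15 10.0.0.25 TCP_MISS/503 0 POST http://kbfvzoboss.bid/alien/fre.php - HIER_NONE/- -
1703414402.050    201 10.0.0.31 TCP_MISS/200 5120 GET http://example.com/index.html - HIER_DIRECT/198.51.100.7 text/html
1703414403.777     18 10.0.0.42 TCP_MISS/503 0 POST http://alphastand.win/alien/fre.php - HIER_NONE/- -
1703414404.001     40 10.0.0.25 TCP_TUNNEL/200 2210 CONNECT sempersim.su:443 - HIER_DIRECT/203.0.113.10 -
"""

# Fields: timestamp, elapsed ms, client IP, result/status, bytes, method, URL.
LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+\S+\s+(?P<src>\S+)\s+\S+\s+\S+\s+(?P<method>\S+)\s+(?P<url>\S+)"
)


def scan_log(log_text, indicators):
    """Return (src_ip, host, confidence, method, path_matched) per hit.

    CONNECT lines carry only host:port (TLS to the sempersim.su C2), so the
    host is matched but the path cannot be checked for them."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        if m.group("method") == "CONNECT":
            host, path = m.group("url").rsplit(":", 1)[0], None
        else:
            parsed = urlparse(m.group("url"))
            host, path = parsed.hostname, parsed.path
        if host not in indicators:
            continue
        confidence, c2_path = indicators[host]
        hits.append((m.group("src"), host, confidence, m.group("method"), path == c2_path))
    return hits


def infected_hosts(hits):
    """Split clients into those that reached the campaign C2 (high) and
    those that only touched the builder placeholders (low_only)."""
    high = {src for src, _, conf, _, _ in hits if conf == "high"}
    low_only = {src for src, _, conf, _, _ in hits if conf == "low"} - high
    return high, low_only


if __name__ == "__main__":
    ind = build_indicators(EXTRACTED_C2)
    found = scan_log(SAMPLE_LOG, ind)
    for hit in found:
        print(hit)
    print("high:", *sorted(infected_hosts(found)[0]))
    print("low only:", *sorted(infected_hosts(found)[1]))
```

Clients that only hit placeholder hosts (10.0.0.42 in the constructed log) still ran Lokibot and need triage; the tiering exists so that the sempersim.su contact is escalated first and so that the placeholder domains are not mistaken for this operator's infrastructure.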

Targets

    • Target

      B13 13.doc

    • Lokibot

      Lokibot is a password and cryptocurrency-wallet stealer; the sandbox extracted its C2 configuration from this run (see Malware Config above).

    • Blocklisted process makes network request

      A process on the sandbox's network-activity blocklist made an outbound connection. Together with the next two signatures this shows the document acting as a downloader for the Lokibot payload rather than carrying it inline.

    • Downloads MZ/PE file

      An executable (MZ/PE header) was fetched over the network during the run.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers harvest browser profile data such as saved credentials, cookies and autofill entries; this is the credential-theft behaviour Lokibot is known for.

    • Accesses Microsoft Outlook profiles

      Stored mail-account credentials in Outlook profiles are another Lokibot target.

    • Suspicious use of SetThreadContext

      Calling SetThreadContext on a thread of another process is the final step of process hollowing (a suspended legitimate process has its image replaced and its entry point redirected), so the signature indicates the payload is being injected into a host process instead of running directly as the dropped file.
