Overview

overview

10

Static

static

3

6682d4c801...4b.exe

windows7-x64

10

6682d4c801...4b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4668db8c859e8278a7f16fe33e60188448f70ed829bab61690e5e35122935b4b

  • Size

    517KB

  • Sample

    240417-pmw25sgc9v

  • MD5

    f5d7109bb0dad876a8df26b54ce8e520

  • SHA1

    0201bb895c9e6405d98b78a824893aa5d17afd76

  • SHA256

    4668db8c859e8278a7f16fe33e60188448f70ed829bab61690e5e35122935b4b

  • SHA512

    baf778d3481053388328b4db05e8217c0e45ade52bb5b0f6374cd8977b88cb717eb20bd0193740ae889b912dae985d3928d643b003989b9c3b49cf5815997e7c

  • SSDEEP

    12288:tAAwXoYr1Ev9geFq7vmczFjRsAQqT5KMXSJD8fbofRUg2:tArXoYr+Fgb3zFnRT4MiJkbofN2

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/c6/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      6682d4c801b131d5de5810898709e48f858f7204de3fbe9eedd08d7649202a4b.exe

    • Size

      855KB

    • MD5

      7d429931b4028877a01bc1b8af131394

    • SHA1

      237319bed39b32aa4878479043c74ef958f75df5

    • SHA256

      6682d4c801b131d5de5810898709e48f858f7204de3fbe9eedd08d7649202a4b

    • SHA512

      724d8e12592f2edc8d2e163b888ac80aa35d083cde9969a2241f1abf504a574d12ae105270a7882e4d68c8228a9905e5c4a5afbf7e19d560139871b3e021065f

    • SSDEEP

      12288:v3n4NBHPdHG2Qj8M+hFJHW8265co/G/DEl4MVonUp8p:f4NZJo4hjV5jJSiouU

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks