Overview

overview

10

Static

static

3

b084f904e6...6f.exe

windows7-x64

10

b084f904e6...6f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7afdaa3b8416ad119d861f34e4f526fba43d12c9db989b71dad14821e810fcc0

  • Size

    362KB

  • Sample

    240417-qp5mqshd78

  • MD5

    d108ce86955d60be090641873b5928fe

  • SHA1

    571f6c804a4d07866e67311f60931a8d49165ca2

  • SHA256

    7afdaa3b8416ad119d861f34e4f526fba43d12c9db989b71dad14821e810fcc0

  • SHA512

    6f3e55fded18b95df764565825dde6bd8f3884435a2f48d91794b6ce70d33b1516aee4de40f610f348bfce7480fdce4b414f2d09ce28a347079579fb824faef4

  • SSDEEP

    6144:jiisbaWvVkKMh8dJ0loE+7KmwpKFXGDmDhaEv/6tVEHE6iv:jiisbaGUhe0lp+7ZrXGDmDECkf

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://meridianresourcellc.top/document/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      b084f904e680ea76fb4edddcab4ce166620ea7e9b70420b61b8e61f1e4218f6f.exe

    • Size

      500KB

    • MD5

      bb780ef8f1b0df0345cdb4521d5d4f81

    • SHA1

      da039e6d8037bbfee5cb9cf63cb45eace4f61354

    • SHA256

      b084f904e680ea76fb4edddcab4ce166620ea7e9b70420b61b8e61f1e4218f6f

    • SHA512

      b7fd76473116e65996e094c50a1d3a38137e873b627a769caf85460a2f57264f37c0d64380d833c9e8a02d8905794caaaf491406705568d15808deb5f3421cba

    • SSDEEP

      6144:XrLn9veTfbI0tTUiqhgVLlrMkY3Dpo5a7pLJ29OcfPag0a54ZV/EQO0JUFyZ1vQp:H9V0jxdlrM7TpX7FUOcf95Exz+H

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks