Overview

overview

10

Static

static

1

SCB_25042024.exe

windows7-x64

10

SCB_25042024.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SCB_25042024.exe

  • Size

    571KB

  • Sample

    240425-e9mf4sfd68

  • MD5

    880ab501ac36ce555a99ee423357247a

  • SHA1

    f2b96b9eb6d086005b3ccb070829bd49ecbafa87

  • SHA256

    dfc52c90b554b35108e8d2a320bf6677d7d94f2f967c8d5e7685ca6d3cd45822

  • SHA512

    9ace7f7f2e56d28abb699f3b1d5ef3436120f4e787b9041c2342f187bc99788a107e93d2afb84fd1c547569d7f5d3299408ad1b04091718a390ec6b7a4167b5f

  • SSDEEP

    12288:jWYIPXjxannnHg2vdHWoWrMNpOaMHienrpq7XodfJmckb4idbHey/1kR:jWYIPFannnHg2VH6rMNpHMpndModfJSs

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://45.77.223.48/~blog/?ajax=qt

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      SCB_25042024.exe

    • Size

      571KB

    • MD5

      880ab501ac36ce555a99ee423357247a

    • SHA1

      f2b96b9eb6d086005b3ccb070829bd49ecbafa87

    • SHA256

      dfc52c90b554b35108e8d2a320bf6677d7d94f2f967c8d5e7685ca6d3cd45822

    • SHA512

      9ace7f7f2e56d28abb699f3b1d5ef3436120f4e787b9041c2342f187bc99788a107e93d2afb84fd1c547569d7f5d3299408ad1b04091718a390ec6b7a4167b5f

    • SSDEEP

      12288:jWYIPXjxannnHg2vdHWoWrMNpOaMHienrpq7XodfJmckb4idbHey/1kR:jWYIPFannnHg2VH6rMNpHMpndModfJSs

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks