Overview

overview

10

Static

static

10

0eec9d5a1f...cs.exe

windows7-x64

10

0eec9d5a1f...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0eec9d5a1f513d0c1ca34ed8dd7e8610_NeikiAnalytics.exe

  • Size

    104KB

  • Sample

    240527-ae1m2ahb2s

  • MD5

    0eec9d5a1f513d0c1ca34ed8dd7e8610

  • SHA1

    44891a49b5ce039c5dc55151e22d914595cc3bc6

  • SHA256

    b322e6b52c06a45eb447b544b819b02192554ea0852d0bd1473d44959915b05e

  • SHA512

    80b66aaebf7fb2c70f7da3d04346846afa28717d31dc2f1eccdc51c92c877c9bf0eb0da7e85b7bb6a2e6f8dfe1d8223313dd365056999905dbb79d842102b322

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqnIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/line/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      0eec9d5a1f513d0c1ca34ed8dd7e8610_NeikiAnalytics.exe

    • Size

      104KB

    • MD5

      0eec9d5a1f513d0c1ca34ed8dd7e8610

    • SHA1

      44891a49b5ce039c5dc55151e22d914595cc3bc6

    • SHA256

      b322e6b52c06a45eb447b544b819b02192554ea0852d0bd1473d44959915b05e

    • SHA512

      80b66aaebf7fb2c70f7da3d04346846afa28717d31dc2f1eccdc51c92c877c9bf0eb0da7e85b7bb6a2e6f8dfe1d8223313dd365056999905dbb79d842102b322

    • SSDEEP

      1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqnIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks