Overview

overview

10

Static

static

1

Swift copy mt101.exe

windows7-x64

10

Swift copy mt101.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Swift copy mt101.exe

  • Size

    654KB

  • Sample

    240530-cl9kmabg63

  • MD5

    01e09fa9921daa951bda8491dc206030

  • SHA1

    8b7a41457fc7135dd9635483ef3908a43b133c78

  • SHA256

    cf83b56f041af2c2b7dbf8e50dfac4ba4583efccbf8ecca8f7dc4c0978d554db

  • SHA512

    19303588729b99743c616ca6156c801b2c92cc4fbf0c21e598ece0e5479451b0cdcde3a138dc8894f655290e08561b22bb945879a366e4fc693931506d7307dd

  • SSDEEP

    12288:pWOdrJwKcI/shRwBGmD/arrEC9jaxhTvkWPOts3SCefbEpud78hs1mddkR:pWicTY/a592rTv3mZb

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://45.61.137.215/index.php/41286969787314313

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Swift copy mt101.exe

    • Size

      654KB

    • MD5

      01e09fa9921daa951bda8491dc206030

    • SHA1

      8b7a41457fc7135dd9635483ef3908a43b133c78

    • SHA256

      cf83b56f041af2c2b7dbf8e50dfac4ba4583efccbf8ecca8f7dc4c0978d554db

    • SHA512

      19303588729b99743c616ca6156c801b2c92cc4fbf0c21e598ece0e5479451b0cdcde3a138dc8894f655290e08561b22bb945879a366e4fc693931506d7307dd

    • SSDEEP

      12288:pWOdrJwKcI/shRwBGmD/arrEC9jaxhTvkWPOts3SCefbEpud78hs1mddkR:pWicTY/a592rTv3mZb

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks