Overview

overview

10

Static

static

10

9228719031...cs.exe

windows7-x64

10

9228719031...cs.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    92287190313960cbe6f4bbf9c25b58e0_NeikiAnalytics.exe

  • Size

    104KB

  • Sample

    240601-h122zsed37

  • MD5

    92287190313960cbe6f4bbf9c25b58e0

  • SHA1

    b97236db80c42003007297d2a5960aadf79572a1

  • SHA256

    cad8194f23cd6285a7db6ffe36322df5549ac8146503bd4cf0fe3725e8382b99

  • SHA512

    8e218a78339e23c7b33a1f99624e278cd267ebc9b2151680c2ba8ddc6863ac42270c021363fa90c62de86997fdbb0c2d8c1d322b0f914bfd19139141f7182028

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EeUG

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://shopper.bulutlogistic.com/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      92287190313960cbe6f4bbf9c25b58e0_NeikiAnalytics.exe

    • Size

      104KB

    • MD5

      92287190313960cbe6f4bbf9c25b58e0

    • SHA1

      b97236db80c42003007297d2a5960aadf79572a1

    • SHA256

      cad8194f23cd6285a7db6ffe36322df5549ac8146503bd4cf0fe3725e8382b99

    • SHA512

      8e218a78339e23c7b33a1f99624e278cd267ebc9b2151680c2ba8ddc6863ac42270c021363fa90c62de86997fdbb0c2d8c1d322b0f914bfd19139141f7182028

    • SSDEEP

      1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EeUG

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks