General

  • Target

    6968fe8fcbbb5e1b6577634abf33c41d1fec5feb5eba4146595520e636d3291b.exe

  • Size

    558KB

  • Sample

    240607-b5sksagf74

  • MD5

    7e7cf728c28c04d181a53b7a1f1040ec

  • SHA1

    adaaae1fc339becd50905220a5fd1b88b3b8baf0

  • SHA256

    6968fe8fcbbb5e1b6577634abf33c41d1fec5feb5eba4146595520e636d3291b

  • SHA512

    6140d4d28279b64914793a1fd3384c973c7177abd8b08b836c2a5dd850e91d41f7a23001e43245b69d1ae818920bef8a7043896f837ac29ad9b605eed711b0df

  • SSDEEP

    12288:EN3qyJMny4z8jJz/HHWWrcdINOct0I7ZzkUkdq1XyPicpTxgGRHaJ:s6OjI8JzvFr5N7t0KGqAPi0xPUJ

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/d1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

    • Detects executables containing common artifacts observed in infostealers.

    • Detects executables referencing many file transfer clients. Observed in information stealers.

    • Command and Scripting Interpreter: PowerShell

      Run PowerShell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

MITRE ATT&CK Enterprise v15
