General

  • Target

    6d20693d0cae3cb145a010abb1b07f7d.bin

  • Size

    1.3MB

  • Sample

    240614-cflava1ejg

  • MD5

    db41d0f1844c5de6832d3b15559e41d5

  • SHA1

    9f756642e2a6dea6295e2115c839db77e6cb9cd7

  • SHA256

    dc34a96b7d80299c93a714d4e85fa6a7848e799a9297838c0c21112cfa4c554f

  • SHA512

    da52ea41c88d33e4ebf2b44d3b212fe8374b30be0c81f6103510fc288f54fcf9c72f396344bd0927343b5ed90a7cee5862b7deca71792fcfba6e376733c96ab1

  • SSDEEP

    24576:MY89s7e7l1GDiPqAnO+C9qOZtIbzkVBJJhMmM8BWMkmM8PpjTtsBBBrvAx8fN7cR:SsC7l4UO+oI3kVB/SCzPpjBAB7AGa2a

Malware Config

Extracted

Family

lokibot

C2

http://45.61.136.239/index.php/9460648709801952970

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      97b2adff8b4be8067926c36e5429d64e2ebcfbf37dbc1fd2c5879bfec11b98fe.exe

    • Size

      3.0MB

    • MD5

      6d20693d0cae3cb145a010abb1b07f7d

    • SHA1

      17c40f1f006846f2e8b99cb822a9b3f261103be9

    • SHA256

      97b2adff8b4be8067926c36e5429d64e2ebcfbf37dbc1fd2c5879bfec11b98fe

    • SHA512

      bb7a05bd8d6847a7b5b92bef0fcc7aff2a21103666bdce098093cd9e4a45f649feb60e412e0a9fbb2d80b7b2e7f197aabca8af61207bd994ba51d014eabaeca7

    • SSDEEP

      49152:m8yJAk206NICMq5pzKRgqVzKjqgF931wmz:hBsZq

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Uses the VBS compiler for execution

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
