Overview

overview

10

Static

static

3

03072024_0...50.exe

windows7-x64

10

03072024_0...50.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    03072024_0748_Air Waybill NO 6979374150.exe

  • Size

    566KB

  • Sample

    240703-jm5rdstcnh

  • MD5

    d33f1561289086e78e6e2beeac24ad79

  • SHA1

    95645e39642f44f2469dac1a737e5b3e70195709

  • SHA256

    0e016be64f1ff3c6e664c420389c59f174ff9f707e821fd3660c30094f5b6258

  • SHA512

    ed4fda0d72f42fe33e1664458573f2d849f790b195d85248748ff4514b1cf5aaacda30c8edd3536fb879ada38ff695d20dd9be328a588992e4b1cc858f9c8956

  • SSDEEP

    12288:G+G71t/rFfadLOUIFkYdiYlKIR4Q3lpIkEs6ZvHFswkL:xq1N5iaFkKlKIaYgkEs6Zi

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://ulysse-cazabonne.cam/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      03072024_0748_Air Waybill NO 6979374150.exe

    • Size

      566KB

    • MD5

      d33f1561289086e78e6e2beeac24ad79

    • SHA1

      95645e39642f44f2469dac1a737e5b3e70195709

    • SHA256

      0e016be64f1ff3c6e664c420389c59f174ff9f707e821fd3660c30094f5b6258

    • SHA512

      ed4fda0d72f42fe33e1664458573f2d849f790b195d85248748ff4514b1cf5aaacda30c8edd3536fb879ada38ff695d20dd9be328a588992e4b1cc858f9c8956

    • SSDEEP

      12288:G+G71t/rFfadLOUIFkYdiYlKIR4Q3lpIkEs6ZvHFswkL:xq1N5iaFkKlKIaYgkEs6Zi

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks