General

  • Target

    10072024_0034_09072024_Fizetesi masolat 20240709.tar

  • Size

    607KB

  • Sample

    240710-awr28avgql

  • MD5

    3720112091c31671a1985ea47354a4b6

  • SHA1

    2eb55c36b3ca72ac7b3092a149435f5b9a35414a

  • SHA256

    0b34333b12509f5aa8b46a85937c3d6eb1ca3417fb59444f734a1dfb92a280e6

  • SHA512

    c8275c6419b7cfbeb3d0a75d66ce862b561af1f41de84bc3bcc5257cb54ae87eab8c621117b852c6020a2251e6e753e4a38d63c3b960fbff8a1dbeef5227b57f

  • SSDEEP

    12288:AxOhQNVQX6FOXNdkm0fvZXAeyL3dGH9pYfgQy7nPaa+VXaSUf5/bNyEq0FaJHuBU:AxO0QX6FOXNj8ZX5aao0eauZa5/+xJOq

Malware Config

Extracted

  • Family

    lokibot

  • C2

    http://104.248.205.66/index.php/modify.php?edit=1
    http://kbfvzoboss.bid/alien/fre.php
    http://alphastand.trade/alien/fre.php
    http://alphastand.win/alien/fre.php
    http://alphastand.top/alien/fre.php

Targets

    • Target

      Fizetesi masolat 20240709.cmd

    • Size

      868KB

    • MD5

      f878305d4b3c90f7e5b661a50e3f2015

    • SHA1

      328819706a70fcca63b4515465f91ed77ce42526

    • SHA256

      3e714e85b0cc93cb208d70a356f2a82a9e8077a6cda9ef4416aaccc22357d964

    • SHA512

      1ba2b0a374572022ef7a4d0d25ef35660b5952ed7e6d5d7d22d95e11684b6743698b37d51a924cc1ab7e55c9c5e2380b93128f4911ddcff86399e1eb99f8c6a7

    • SSDEEP

      12288:FLYVA71rmAN2iN/eqchE27YBCISDc6Wx/CGEicu6ZGaPG14GBcoRJ/p4McZ1rCrj:pY0rmAN1FeqQHgl15EiFKkAoRb

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15