General

  • Target

    10072024_1523_10072024_potvda.tar

  • Size

    618KB

  • Sample

    240710-ssza8sxemb

  • MD5

    431303608349fa7c5c71ca80e6747749

  • SHA1

    a4f879363d4c70478f9fc489770596d74eea9cf6

  • SHA256

    45c713385eed38e3f4f67e5e10c18d04b5d79d955e5a64e27dbe1ef58865f199

  • SHA512

    729e0e961ec2fec4ab67095c0da59bafb3054a25e1bbbd1d6fd5423084fa6d86a2a4c26db4ca56094dee3b9aee6a732f983fa677ad1d8804aaff2ae5d62a560e

  • SSDEEP

    12288:q7IgB18gut6HEzM5PTOgzeXxLjAv4NiHUXWBYPpLnP2yirHUcHnzBYdhXm9gTm2C:eIMiHQGM5LOue9jz8DmPx3irHUcHlisD
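
Added example, not part of the sandbox report: a Python triage helper that hashes the tar container and every regular-file member in memory (nothing is written to disk, and symlink or device members are skipped rather than followed) and compares the SHA256 values against the hashes published on this page for the tar and for its member potvda.cmd. The real archive is not embedded here; build_sample_tar() constructs a stand-in tar holding a three-byte placeholder potvda.cmd, so against the report's hashes it correctly yields no match.

```python
import hashlib
import io
import tarfile

# Hashes as published in the report for the container and its member.
REPORT_IOCS = {
    "10072024_1523_10072024_potvda.tar": {
        "md5": "431303608349fa7c5c71ca80e6747749",
        "sha1": "a4f879363d4c70478f9fc489770596d74eea9cf6",
        "sha256": "45c713385eed38e3f4f67e5e10c18d04b5d79d955e5a64e27dbe1ef58865f199",
    },
    "potvda.cmd": {
        "md5": "7a38b6b16571cd9196cca4490f314994",
        "sha1": "347938815e3063d617dedd5e7c707702dc51e00f",
        "sha256": "48f20e7300b3135099a86866ee6028aad2a0ba260b8ff3ae60c3d47fb3bd447b",
    },
}


def hash_bytes(data):
    """MD5/SHA1/SHA256 of a byte string, hex-encoded like the report."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def lookup(hashes, iocs=REPORT_IOCS):
    """Names of IOC entries whose SHA256 equals the given digest.

    SHA256 is the comparison key; MD5/SHA1 are computed only so they can be
    cross-checked against feeds that still publish the weaker digests.
    """
    return [name for name, h in iocs.items() if h["sha256"] == hashes["sha256"]]


def describe(name, data, iocs):
    h = hash_bytes(data)
    return {"name": name, "size": len(data), "hashes": h, "matches": lookup(h, iocs)}


def triage_tar(blob, iocs=REPORT_IOCS):
    """Hash the container, then each regular-file member, entirely in memory."""
    results = [describe("<container>", blob, iocs)]
    # "r:*" lets tarfile sniff gzip/bz2/xz in case the .tar name is misleading.
    with tarfile.open(fileobj=io.BytesIO(blob), mode="r:*") as tf:
        for member in tf:
            if not member.isfile():
                continue  # never follow symlinks/hardlinks or open devices from an archive
            data = tf.extractfile(member).read()
            results.append(describe(member.name, data, iocs))
    return results


def build_sample_tar(content=b"abc"):
    """Constructed stand-in for the real archive (placeholder content, not the sample)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        info = tarfile.TarInfo(name="potvda.cmd")
        info.size = len(content)
        tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


if __name__ == "__main__":
    for r in triage_tar(build_sample_tar()):
        print(r["name"], r["size"], r["hashes"]["sha256"], r["matches"] or "no match")
```

To use it on a real submission, read the file into memory and pass the bytes to triage_tar(); a match on "<container>" confirms the outer artifact, a match on a member name confirms the payload even when the tar has been repacked with a different timestamp or ordering and its own hash no longer agrees.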

Malware Config

Extracted

Family

lokibot

C2

http://104.248.205.66/index.php/modify.php?edit=1

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php
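
Added example, not from the report: Python detection logic that turns the C2 list above into indicators and runs them over constructed proxy log lines (Squid access.log style; the client addresses and the extra domains in the sample are made up). Hosts are matched exactly. A URL path is treated as a family-level indicator only when it recurs across several C2 hosts, which here singles out /alien/fre.php, so a rotated panel domain is still surfaced at lower confidence, while the one-off /index.php/modify.php path on the IP-based C2 does not match on its own.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Lokibot C2 URLs exactly as extracted in the report's malware config.
LOKIBOT_C2 = [
    "http://104.248.205.66/index.php/modify.php?edit=1",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

URL_RE = re.compile(r"\b(https?://\S+)")


def build_indicators(urls, min_hosts=2):
    """Split C2 URLs into exact host indicators and recurring path indicators.

    A path is kept only if at least `min_hosts` distinct hosts serve it:
    Lokibot operators rotate domains far more often than the panel script path.
    """
    hosts = set()
    path_hosts = {}
    for u in urls:
        p = urlparse(u)
        host = (p.hostname or "").lower()
        hosts.add(host)
        path_hosts.setdefault(p.path.lower(), set()).add(host)
    paths = {path for path, hs in path_hosts.items() if len(hs) >= min_hosts and path not in ("", "/")}
    return hosts, paths


def match_line(line, hosts, paths):
    """Return (confidence, url) when a log line touches an indicator, else None."""
    m = URL_RE.search(line)
    if not m:
        return None
    url = m.group(1)
    p = urlparse(url)
    if (p.hostname or "").lower() in hosts:
        return ("known-c2", url)
    if p.path.lower() in paths:
        return ("c2-path-only", url)
    return None


def scan_log(text, urls=LOKIBOT_C2):
    hosts, paths = build_indicators(urls)
    hits = []
    for line in text.splitlines():
        hit = match_line(line, hosts, paths)
        if hit:
            hits.append(hit)
    return hits


# Constructed access.log lines for demonstration (not from the sandbox run).
SAMPLE_LOG = """\
1720606980.101 234 10.0.0.15 TCP_MISS/200 512 POST http://alphastand.top/alien/fre.php - HIER_DIRECT/203.0.113.9 text/html
1720606981.202 120 10.0.0.15 TCP_MISS/200 2048 GET http://www.example.com/index.html - HIER_DIRECT/203.0.113.10 text/html
1720606982.303 311 10.0.0.22 TCP_MISS/404 301 POST http://newpanel.example/alien/fre.php - HIER_DIRECT/203.0.113.11 text/html
1720606983.404 98 10.0.0.31 TCP_MISS/200 777 POST http://104.248.205.66/index.php/modify.php?edit=1 - HIER_DIRECT/104.248.205.66 text/html
"""

if __name__ == "__main__":
    for confidence, url in scan_log(SAMPLE_LOG):
        print(f"{confidence:14} {url}")
```

The "c2-path-only" tier is deliberately separate from the exact-host tier: it is the hit you escalate for review, not the one you block on, because nothing stops an unrelated site from serving a file at the same path.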

Targets

    • Target

      potvda.cmd

    • Size

      832KB

    • MD5

      7a38b6b16571cd9196cca4490f314994

    • SHA1

      347938815e3063d617dedd5e7c707702dc51e00f

    • SHA256

      48f20e7300b3135099a86866ee6028aad2a0ba260b8ff3ae60c3d47fb3bd447b

    • SHA512

      7ae2673d358fbd6b8c366a3f42824282002103abc3e65768e8d01db6727f1f027e57d3cc9f2eb68acfafafe0700e056209d63cf3c130172598455225f1107f6b

    • SSDEEP

      24576:4Cm1uvN9rECr8dyzNKMN0su2PawPgeFX6Mrnx:oufn7N0s9iw4ehnnx

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes (which exempts matching files from scanning).

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
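
Added example, not from the report or the sample: a Python detector for the Defender-exclusion behaviour in the PowerShell signature above, meant to run over recorded script text (for example the ScriptBlockText field of PowerShell event ID 4104, assumed to be enabled). It handles the parameter-prefix binding PowerShell allows (-ExclusionExt binds to -ExclusionExtension) and flags prefixes that are ambiguous (-ExclusionP could be Path or Process). The entries in SAMPLE_SCRIPT_BLOCKS are constructed for the demonstration, not the sample's own commands; the ATT&CK mapping in the comments is mine.

```python
import re

# Add-MpPreference parameters that add Defender exclusions. Set-MpPreference
# accepts the same names but replaces the list, so both cmdlets are tracked.
# Mapping (mine): T1059.001 for the interpreter, T1562.001 for the tampering.
EXCLUSION_PARAMS = ("ExclusionPath", "ExclusionExtension", "ExclusionProcess")

# One cmdlet invocation runs to the next ';' or line end.
CMDLET_RE = re.compile(r"\b(Add|Set)-MpPreference\b([^;\r\n]*)", re.IGNORECASE)
# A parameter starting with -Exclusion and its value text up to the next parameter.
PARAM_RE = re.compile(r"-(Exclusion[A-Za-z]*)(.*?)(?=\s+-[A-Za-z]|$)", re.IGNORECASE)


def resolve_param(name):
    """PowerShell binds any unambiguous prefix of a parameter name.

    'ExclusionExt' resolves to ExclusionExtension; 'ExclusionP' matches both
    Path and Process and returns None so the caller can flag it.
    """
    cands = [p for p in EXCLUSION_PARAMS if p.lower().startswith(name.lower())]
    return cands[0] if len(cands) == 1 else None


def split_values(raw):
    """Comma-separated parameter values with surrounding quotes removed."""
    return [v.strip().strip("'\"") for v in raw.split(",") if v.strip()]


def find_exclusions(script_text):
    """Return (cmdlet, parameter, value) for every exclusion set in one script block."""
    hits = []
    for m in CMDLET_RE.finditer(script_text):
        cmdlet = m.group(1).capitalize() + "-MpPreference"
        for pm in PARAM_RE.finditer(m.group(2)):
            param = resolve_param(pm.group(1)) or "ambiguous:" + pm.group(1)
            for value in split_values(pm.group(2)):
                hits.append((cmdlet, param, value))
    return hits


def scan_script_blocks(blocks):
    findings = []
    for i, text in enumerate(blocks):
        for cmdlet, param, value in find_exclusions(text):
            findings.append({"block": i, "cmdlet": cmdlet, "param": param, "value": value})
    return findings


# Constructed script-block texts, not the sample's own commands.
SAMPLE_SCRIPT_BLOCKS = [
    # multiple exclusion types in one call, quoted and unquoted values
    'Add-MpPreference -ExclusionPath "C:\\Users\\Public", $env:TEMP -ExclusionExtension .cmd, .exe -ExclusionProcess powershell.exe',
    # abbreviated parameter name that PowerShell still binds
    "Add-MpPreference -ExclusionExt .vbs",
    # ambiguous prefix: PowerShell rejects it, but the intent is worth surfacing
    "Add-MpPreference -ExclusionP C:\\Temp",
    # benign use of the same cmdlet family: reads, adds nothing
    "Get-MpPreference | Select-Object ExclusionPath",
    # unrelated setting followed by an exclusion in the same line
    "Set-MpPreference -ScanScheduleDay Everyday; Add-MpPreference -ExclusionPath 'D:\\build'",
]

if __name__ == "__main__":
    for f in scan_script_blocks(SAMPLE_SCRIPT_BLOCKS):
        print(f)
```

The regex only sees what was logged as plain script text; a loader that hides the call behind -EncodedCommand or string concatenation needs the decoded script block (4104 logs the de-obfuscated text when script block logging is on) or a post-hoc check of Get-MpPreference on the host.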

MITRE ATT&CK Enterprise v15