Overview

overview

10

Static

static

3

Purchase Order.exe

windows7-x64

10

Purchase Order.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Purchase Order.exe

  • Size

    520KB

  • Sample

    240716-q5nzxsycqe

  • MD5

    cdad057bf858cecb47bcf67d3b9fe985

  • SHA1

    0e51ac74967a4771cc5b0e0fa16039da7d1ad97b

  • SHA256

    05f763c6293bbf6ea3cb055043265326f6d714b30b7032a6fcbe236bf46233d9

  • SHA512

    4508956347171da74e06c8b7aa5dd6810d2d2923065a47ebd4790644729db39c4e3ea77ceaf36898515413fd7a10666987706fae293957ecbf8fd87f92117292

  • SSDEEP

    12288:KQdRlF6OB7cYznoRyTctRdJyzjDA/N0AJ7y0muakyLb5Z:fRv6OB42oRyTgyzjDA/iARmZkMdZ

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://verose.top/alpha/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Purchase Order.exe

    • Size

      520KB

    • MD5

      cdad057bf858cecb47bcf67d3b9fe985

    • SHA1

      0e51ac74967a4771cc5b0e0fa16039da7d1ad97b

    • SHA256

      05f763c6293bbf6ea3cb055043265326f6d714b30b7032a6fcbe236bf46233d9

    • SHA512

      4508956347171da74e06c8b7aa5dd6810d2d2923065a47ebd4790644729db39c4e3ea77ceaf36898515413fd7a10666987706fae293957ecbf8fd87f92117292

    • SSDEEP

      12288:KQdRlF6OB7cYznoRyTctRdJyzjDA/N0AJ7y0muakyLb5Z:fRv6OB42oRyTgyzjDA/iARmZkMdZ

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks