Overview

overview

10

Static

static

3

33f3dc0386...dd.exe

windows7-x64

10

33f3dc0386...dd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    33f3dc03864d8d5cce813683d49ad2dd.exe

  • Size

    545KB

  • Sample

    240723-hn8c8ssgqd

  • MD5

    33f3dc03864d8d5cce813683d49ad2dd

  • SHA1

    e8dfde644b945723e2fa9744f114bdd84be8068b

  • SHA256

    84fb2ec298bec7a70493394b6d6caabcd0522a8f5f7753d8e725118c7e08da4e

  • SHA512

    7723efdf7655847710fdf142477d5ff1496cec97f8043a3a14c82a554eb0f56bd1d96b420b118aa265636f59debfb721d950e71c21aec44bf5765e5710d68ded

  • SSDEEP

    12288:5SRxwoIc09Irw6d5tvWTZtnz63hDxcbWO9z4TLuwB1l:5SfwoIc09IvjvWlJYDxBWmz1l

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://overclockingmachines.info/bally/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      33f3dc03864d8d5cce813683d49ad2dd.exe

    • Size

      545KB

    • MD5

      33f3dc03864d8d5cce813683d49ad2dd

    • SHA1

      e8dfde644b945723e2fa9744f114bdd84be8068b

    • SHA256

      84fb2ec298bec7a70493394b6d6caabcd0522a8f5f7753d8e725118c7e08da4e

    • SHA512

      7723efdf7655847710fdf142477d5ff1496cec97f8043a3a14c82a554eb0f56bd1d96b420b118aa265636f59debfb721d950e71c21aec44bf5765e5710d68ded

    • SSDEEP

      12288:5SRxwoIc09Irw6d5tvWTZtnz63hDxcbWO9z4TLuwB1l:5SfwoIc09IvjvWlJYDxBWmz1l

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks