Overview

overview

10

Static

static

3

Purchase Order.exe

windows7-x64

10

Purchase Order.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    MalwareBazaar.2

  • Size

    507KB

  • Sample

    240723-l2xqfazenf

  • MD5

    cd8b4b98e6d4cffa0f503b0e64f4a032

  • SHA1

    d2243041d1c69de8d4fedb02797087146bae4906

  • SHA256

    cc38e6b727183283ff4ae3493c164e37ef3211936e4faac37d8a87e42920090b

  • SHA512

    3f89bc8882cfffd48265868b0b49eac9c2651adf90994e5b97c2ded8d6118c43e7fdff336e423333fcb7947ae13d97a9afa9ddfb68ad3ec5238538dcfaf11624

  • SSDEEP

    12288:EbTeOthJ09zDXzAv6ykB/Nx3yAX4HmNMHOWPt5Q:EbTeM30lLkpwbtX4IYD5Q

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://alphabetllc.top/alpha/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Purchase Order.exe

    • Size

      602KB

    • MD5

      6b3cd623626ab815d5f59d87e8408275

    • SHA1

      96bac856b48ff62eee4416efb605dbedbcea5748

    • SHA256

      619b4e680f74f6c69a48837fd9ee5851be850035c46c12aaf0669139d1061de8

    • SHA512

      b7ed2edc5005f03f0b44f4c732de9f26eeb781d9e8668c0394acd1ad6d5882fb1841eeba9bb29a4e4bff1736c0c6382e452e5f3c19cb71469d757f77196cca13

    • SSDEEP

      12288:b9MR4VJ8OnhdQP5vlzAtKyaB7Nx3geXcF4ds:ZMRO80XQhdkzGHrXcads

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks