Overview

overview

10

Static

static

3

Alesto.exe

windows7-x64

1

Alesto.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Reciept & Tracking No_pdf.zip

  • Size

    54KB

  • Sample

    240725-jb3snayfjc

  • MD5

    f2a4aeb945977265df9e3b6b6c23d8ed

  • SHA1

    418ed59e1961af8faca31dcf89987d0a5db164c0

  • SHA256

    ae959b50f65f4597365f2aedd8c7b1e03a8319bd17f87fbd9dda7afc4f610a59

  • SHA512

    7b7a89043edabfbbfa6def249b511c753680b982239db8624232b758f08426ebfe1148f873e1b62f9b9be19cde69d5ea20f8f0fd4da049bdb2b1f58e323c46c6

  • SSDEEP

    1536:WXbM3PwZKymt7zdQFbCoQvuAfVfUTf6dIQyuOjCCVwRiY:mM/407zdpoX+Vkf6douqCCVDY

Score
10/10
lokibotcollectioncredential_accessspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://104.248.205.66/index.php/pages?s=1

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Alesto.exe

    • Size

      134KB

    • MD5

      f9ced9634101aaa2dd0d90fe61ea17e4

    • SHA1

      55218280a9678d334035e070ce7451aab0827f07

    • SHA256

      4894b24b23a85fa09f9f27d4ba4d904c4eaaba676b04c16cbb8b61e038c42ce3

    • SHA512

      2be536104d3a70f90e6b32e202110fb5f7201aa3601a63866175afa68befaa4e5090e225440f02fbd62088ab3d25c65711a4dba6f5a86dbb2d3b1f21f5e91925

    • SSDEEP

      1536:Gy4fa9f5iiw76xIU0LvJJvqJeiRZpyCwwc8maG5qaPXtR6zncSOTPyZnCKZ7rbhS:GyzO4iqu8TAXtQncSO3R45n

    Score
    10/10
    lokibotcollectioncredential_accessspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks