Overview

overview

10

Static

static

3

28766d53e0...32.exe

windows7-x64

10

28766d53e0...32.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    2922c109e30c924b0bc979434cc36f52.bin

  • Size

    161KB

  • Sample

    240726-b7gaja1hrb

  • MD5

    e6ddfee4ca3278eef7ea43a9a4df6853

  • SHA1

    d876908f95f5e85c22b5e89461aa7572cae836fd

  • SHA256

    d8df96a70be6ca8efaccddcdf93adb72cf186788a4ef2c6a23389e6a38d7dac3

  • SHA512

    0f1b91d677ff6908b12a9a72aa7d332d7702d65529fd128c6d78d7006e6b2b95a75d502887aaae64ae3d4a18e4ce0b33176f59a72b26fdbd199e5a392c66a3e6

  • SSDEEP

    3072:z3m+Wi6Tu9rFlZvfRKcpC0ha6kL0AM0hk7xwzRnhEKhkxZS6K:z3m7iyu9RnpP7e0ADhk7xwzAF/u

Score
10/10
lokibotaspackv2collectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://164.90.194.235/?id=22044231991792986

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      28766d53e02141d8332cdb160ebbc4bee6df26596d0c041e15aae650d6613d32.exe

    • Size

      270KB

    • MD5

      2922c109e30c924b0bc979434cc36f52

    • SHA1

      4230742e046551ddc3145baf6ef5dcf99ba394f2

    • SHA256

      28766d53e02141d8332cdb160ebbc4bee6df26596d0c041e15aae650d6613d32

    • SHA512

      db12152c664d45b6c7fcec8b13d8984da75b2bce265e006d1c7e013ad7183ff050ecdc908224060c99ad801365412bd4abe220d4ae8d5c6b7c669f8b27b2016b

    • SSDEEP

      6144:E917J2Wor8Z4gPjdq5Q1a5Q75ybFvjyTLtnoa:EHTor8Z4gJGQp75qRy

    Score
    10/10
    lokibotaspackv2collectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • ASPack v2.12-2.42

      Detects executables packed with ASPack v2.12-2.42

      aspackv2

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks