Overview

overview

10

Static

static

3

0895613dd4...7b.exe

windows7-x64

10

0895613dd4...7b.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0895613dd4462d19ca353caea2efdf89d0fb8f1918e73d1ac74ec8a5fbfb827b.exe

  • Size

    489KB

  • Sample

    240726-qct1gatamb

  • MD5

    625e9c7c84a6a483a495626a23875a4b

  • SHA1

    73ce99fbd50d348305465ea209f5c87c52fba0b3

  • SHA256

    0895613dd4462d19ca353caea2efdf89d0fb8f1918e73d1ac74ec8a5fbfb827b

  • SHA512

    f9c5de9976e878cda5e805f66825127fc578cde33f5b1ee2ffe9b9e855528939000f6a1b7aa3de3756ced10b57ac20969c0e5a4b1a7ca8440c77204e741141a0

  • SSDEEP

    12288:zbs3/5X6MAch7DxSCJt9K1uBX16U+qK2ui9aZy/:fwBp5VzdbBEpqKpi9aZ

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/c18/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      0895613dd4462d19ca353caea2efdf89d0fb8f1918e73d1ac74ec8a5fbfb827b.exe

    • Size

      489KB

    • MD5

      625e9c7c84a6a483a495626a23875a4b

    • SHA1

      73ce99fbd50d348305465ea209f5c87c52fba0b3

    • SHA256

      0895613dd4462d19ca353caea2efdf89d0fb8f1918e73d1ac74ec8a5fbfb827b

    • SHA512

      f9c5de9976e878cda5e805f66825127fc578cde33f5b1ee2ffe9b9e855528939000f6a1b7aa3de3756ced10b57ac20969c0e5a4b1a7ca8440c77204e741141a0

    • SSDEEP

      12288:zbs3/5X6MAch7DxSCJt9K1uBX16U+qK2ui9aZy/:fwBp5VzdbBEpqKpi9aZ

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

1
T1555

Credentials from Web Browsers

1
T1555.003

Unsecured Credentials

1
T1552

Credentials In Files

1
T1552.001

Discovery

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Data from Local System

1
T1005

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks