Overview

overview

10

Static

static

3

TNT Shippi...ts.exe

windows7-x64

3

TNT Shippi...ts.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f47f8689fa1a0fd966b51b37e49b4df7.bin

  • Size

    26KB

  • Sample

    240729-eknmwasdlj

  • MD5

    7a1006dbde0cc72b6fbeb9306882de13

  • SHA1

    71e3659d136e7d128a05850e1d9024bda4262a4c

  • SHA256

    242fd0dd3bdb82528717b002fecd9840fd250ffddbe5926832fb200b39d7c933

  • SHA512

    a5e87862a9092b6427e4aa60537778f8c8c059865226e56eef3f643b1add891a0358c0e81ca603d24b184d7c423bdca6406c90fa2ba6781182507a1843d094d3

  • SSDEEP

    768:f2Il6nK2YI3clRuNjM6hlGppSle7YjRkG:uIoXNjypE

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://104.248.205.66/index.php/file.php?an=74870072817

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      TNT Shipping Documents.exe

    • Size

      64KB

    • MD5

      0fa0517e3da3d0e14ca73aa140573a37

    • SHA1

      90b0c522ef09a57c9ba31a95db898115a810a0c2

    • SHA256

      5a4f747f9f958dade617f220d9cc236f53f31f1627e758a399c5ad30fd7eeda3

    • SHA512

      f5cc076c0402153396828cc996b59e5cb192de21d052c71b332902ea33ffbbb60a58a057cff236be9fd2a0453463ed4e8a9e901129be2bb93010c5e7bd784517

    • SSDEEP

      1536:bJY/ssWIoJ8sGFz7dmPzc818U0Q8z/g5:vIoJ5GFHuzs/g5

    Score
    10/10
    discoverylokibotcollectioncredential_accessspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks