Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

5

cryptolaemus

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    eec24916fc0a978ae5cb878efea2c7cd5c0403783e4e7c438a739b6fa8e30703

  • Size

    367KB

  • Sample

    240806-yskqqsyfqq

  • MD5

    3edc8e31efe97c259c8f2eebbbb4da98

  • SHA1

    1692639db61f72b4e1bfa80e4a55bc1cfa8bb129

  • SHA256

    eec24916fc0a978ae5cb878efea2c7cd5c0403783e4e7c438a739b6fa8e30703

  • SHA512

    65f40b27c53379426e398d6e8ec7e2e64ea836bf4a9871f2aca7c66ef2baba0eb6a512611e935d5a2a3585b56c806d2b0a2ac9dc73cf3f71afa68a34596bae35

  • SSDEEP

    6144:lykHWlFEnk3OQdZXq5Brr5JhV/Vz27y1svOwEi4ZABsQCDVlPMimKv6BPBIi+7PM:lpybZXGnbhSGsvOri4ZZdnMim3NB5iw9

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://94.156.66.169:5788/bhvstgd/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      eec24916fc0a978ae5cb878efea2c7cd5c0403783e4e7c438a739b6fa8e30703

    • Size

      367KB

    • MD5

      3edc8e31efe97c259c8f2eebbbb4da98

    • SHA1

      1692639db61f72b4e1bfa80e4a55bc1cfa8bb129

    • SHA256

      eec24916fc0a978ae5cb878efea2c7cd5c0403783e4e7c438a739b6fa8e30703

    • SHA512

      65f40b27c53379426e398d6e8ec7e2e64ea836bf4a9871f2aca7c66ef2baba0eb6a512611e935d5a2a3585b56c806d2b0a2ac9dc73cf3f71afa68a34596bae35

    • SSDEEP

      6144:lykHWlFEnk3OQdZXq5Brr5JhV/Vz27y1svOwEi4ZABsQCDVlPMimKv6BPBIi+7PM:lpybZXGnbhSGsvOri4ZZdnMim3NB5iw9

    Score
    10/10
    discoverylokibotcollectioncredential_accessspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks