Overview

overview

10

Static

static

1

Nalog za p...je.exe

windows7-x64

10

Nalog za p...je.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    15082024_0844_14082024_Nalog za plaćanje.tar

  • Size

    506KB

  • Sample

    240815-knc87sygqp

  • MD5

    72aa5c87209904f65bc7af1b8eeabd6d

  • SHA1

    30cb0976e405d878e2fa3cb3656b7c73b4485f27

  • SHA256

    fe80b9fd74d43096a8ece596001a3bec29b97114da9da2482e9a7a4b92dcfd92

  • SHA512

    db7efd3d3a7437ee4bd5880c0ceebe37e7590644e884548cc955ba6d34bec0741ecbd374914647981edf79e306d8bdb9a9ff0009d10846a048aabf1ae9d5fbf3

  • SSDEEP

    12288:PvgTcqHCNHIvx3wpZifh5uQAvQ7d1kYsTGw70r6VW/e:PvgTcqH7xDh5uQAvQjVwo+Q/e

Score
10/10
lokibotcollectioncredential_accessdiscoveryexecutionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://104.248.205.66/index.php/modify.php?edit=1

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Nalog za plaćanje.cmd

    • Size

      529KB

    • MD5

      ad6ea9fec441ee8eea22769011a7f3a6

    • SHA1

      6a50660e260b552840553b52660c5aa4d895382f

    • SHA256

      bcde05bfdd3156399b95065ca23d7a2892f00c8d599b4450845ebaea9ff1bb13

    • SHA512

      11f196d447bdcb801e4d10d4d59d4e304492771205c0322e9451e477aea6c292473d3190e19bccef1f8997eeb814e2df2eb9300757357eab716b08044c6f46a7

    • SSDEEP

      12288:h0fY6FwuwrCBQKOT4seUcWztpUtGzr5NM6+XWap0PaRtCTpkR:qfY6FHwP/T5eJWkUiWaqDT0

    Score
    10/10
    lokibotcollectioncredential_accessdiscoveryexecutionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

      execution

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks