General

  • Target

    6a93a157b3bcb0d13e61ace2f3735864c7636bd462569d435590eb5730d45cdf_a80b7efeeabb9fb3c240fcac9ae0c121a732d6896480f437b66913f16c19f440.exe

  • Size

    263KB

  • Sample

    240822-gb719svakr

  • MD5

    02b123199a5c34ef343209dd9bfb295d

  • SHA1

    6859c7a747123fd8b08bceaab5d1ce57a2a92b17

  • SHA256

    a80b7efeeabb9fb3c240fcac9ae0c121a732d6896480f437b66913f16c19f440

  • SHA512

    a505ebc86ce49b6b394997913ae981a63b41732bb548bb2da636cc939e81176977e928aaa4837ae0907d966b1f177ef5979d80690be07707ce30650c1e4d5a90

  • SSDEEP

    3072:b6Wsxs5zRMOuBbvYRe8ZPzFJHqKYi8l3Ecgvkgr25Roadr:OtkRbuBrcLWR1hg83jN

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gf4/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php
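
The extracted C2 list is the most directly actionable part of this report. The script below is an added example, not part of the original report or of any sandbox tooling: it loads the five C2 URLs exactly as extracted above, runs a few constructed proxy log lines through them, and flags exact host matches. As a looser second tier, which is my own heuristic and not something the report states, it also flags POST requests to the same `/gf4/fre.php` or `/alien/fre.php` paths on hosts that are not in the extracted config.

```python
"""Match proxy / web-access log lines against the LokiBot C2 URLs extracted from this sample."""
from urllib.parse import urlsplit

# C2 URLs as extracted from the sample's configuration (copied from the report above).
LOKIBOT_C2_URLS = [
    "http://sempersim.su/gf4/fre.php",
    "http://kbfvzoboss.bid/alien/fre.php",
    "http://alphastand.trade/alien/fre.php",
    "http://alphastand.win/alien/fre.php",
    "http://alphastand.top/alien/fre.php",
]

C2_HOSTS = {urlsplit(u).hostname for u in LOKIBOT_C2_URLS}
C2_PATHS = {urlsplit(u).path for u in LOKIBOT_C2_URLS}  # {'/gf4/fre.php', '/alien/fre.php'}

# Constructed sample log lines (not real traffic) in a simplified Squid-like format:
# <epoch> <client_ip> <method> <url> <status>
SAMPLE_LOG = """\
1724320001 10.0.0.12 GET http://www.example.org/index.html 200
1724320002 10.0.0.12 POST http://sempersim.su/gf4/fre.php 404
1724320003 10.0.0.15 GET http://cdn.example.net/lib.js 200
1724320004 10.0.0.12 POST http://alphastand.trade/alien/fre.php 200
1724320005 10.0.0.20 POST http://203.0.113.7/alien/fre.php 200
1724320006 10.0.0.15 GET http://mail.example.org/fre.php 200
"""


def classify_request(method, url):
    """Return 'c2' for an exact host match against the extracted config, 'suspect' for a
    POST to one of the sample's C2 paths on an unknown host, or None otherwise."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host in C2_HOSTS:
        return "c2"
    # Heuristic (assumption, not from the report): the same URI path on another host is
    # worth a look, but only for POST, which is how this family submits stolen data.
    if method == "POST" and parts.path in C2_PATHS:
        return "suspect"
    return None


def scan_log(text):
    """Parse the five-field log format and return one dict per flagged request."""
    hits = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines rather than crash the scan
        ts, client, method, url, status = fields
        verdict = classify_request(method, url)
        if verdict:
            hits.append({"ts": int(ts), "client": client, "url": url,
                         "status": status, "verdict": verdict})
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Match on the request, not on the response: the first beacon in the sample log gets a 404, which is what a sinkholed or expired C2 domain returns, and the infected host 10.0.0.12 is still worth isolating. The bare `/fre.php` GET in the last line deliberately does not match; the path heuristic is keyed on the full paths from the config to keep false positives down.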

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store (ATT&CK T1555.003).

    • Reads user/profile data of web browsers

      Infostealers commonly read stored browser profile data, such as saved logins, cookies and autofill entries.

    • Accesses Microsoft Outlook profiles

      Reads Outlook profile data from the registry, where stored account settings and credentials can be recovered.
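
The three behaviours above (browser credential store access, browser profile reads, Outlook profile access) share one detection shape: a process that is not the owning application reading a known credential store. The script below is an added example, not part of the original report or of any sandbox tooling. The store locations are the standard default paths for Chrome, Edge, Firefox and Outlook; which browsers to cover, the process allow-list, and the event records themselves are my assumptions, and the events are constructed for the example.

```python
"""Flag processes that read browser credential stores or Outlook profile data."""
import fnmatch
import ntpath

# Default on-disk credential stores (standard paths; browser selection is an assumption).
BROWSER_STORE_PATTERNS = [
    r"*\Google\Chrome\User Data\*\Login Data",
    r"*\Microsoft\Edge\User Data\*\Login Data",
    r"*\Mozilla\Firefox\Profiles\*\logins.json",
    r"*\Mozilla\Firefox\Profiles\*\key4.db",
]
# Outlook keeps its profiles (account settings, stored passwords) under these keys.
OUTLOOK_PROFILE_KEYS = [
    r"HKCU\Software\Microsoft\Office\*\Outlook\Profiles\*",
    r"HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\*",
]
# Processes expected to read their own stores; anything else gets reported.
LEGIT_OWNERS = {
    "browser": {"chrome.exe", "msedge.exe", "firefox.exe"},
    "outlook": {"outlook.exe"},
}

# Constructed sample events (not real telemetry): (kind, process image, target)
SAMPLE_EVENTS = [
    ("file", r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file", r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     r"C:\Users\alice\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    ("file", r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     r"C:\Users\alice\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default-release\logins.json"),
    ("registry", r"C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE",
     r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"),
    ("registry", r"C:\Users\alice\AppData\Local\Temp\invoice.exe",
     r"HKCU\Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676"),
    ("file", r"C:\Windows\explorer.exe", r"C:\Users\alice\Documents\report.docx"),
]


def classify_access(kind, image, target):
    """Return (category, matched_pattern) when a non-owner process touches a store, else None.
    Matching is case-insensitive because Windows paths and registry keys are."""
    proc = ntpath.basename(image).lower()
    tgt = target.lower()
    if kind == "file":
        for pat in BROWSER_STORE_PATTERNS:
            if fnmatch.fnmatchcase(tgt, pat.lower()) and proc not in LEGIT_OWNERS["browser"]:
                return ("browser", pat)
    elif kind == "registry":
        for pat in OUTLOOK_PROFILE_KEYS:
            if fnmatch.fnmatchcase(tgt, pat.lower()) and proc not in LEGIT_OWNERS["outlook"]:
                return ("outlook", pat)
    return None


def scan_events(events):
    """Run every event through classify_access and collect the alerts."""
    alerts = []
    for kind, image, target in events:
        hit = classify_access(kind, image, target)
        if hit:
            alerts.append({"process": image, "category": hit[0], "target": target})
    return alerts


if __name__ == "__main__":
    for alert in scan_events(SAMPLE_EVENTS):
        print(alert)
```

Two caveats for anyone turning this into a production rule. The owner allow-list is keyed on the image basename, which malware can trivially spoof by naming itself `chrome.exe`; in real telemetry key it on the signed image path instead. And because Chrome holds `Login Data` open while it runs, stealers usually copy the file first and read the copy, so a file-copy event on these paths should trigger the same rule.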

MITRE ATT&CK Enterprise v15

Tasks