General

  • Target

    22082024_1241_21082024_Törölt fizetési megbízás.tar

  • Size

    499KB

  • Sample

    240822-pwyx4azfrl

  • MD5

    560100ee8cef8717f11dd5f60c3cc71b

  • SHA1

    2bb320247d81caebeb636a35306eaba794fe18df

  • SHA256

    a5cb9f9ba99994ddfb88da41c1e663841ed66f344e5ffc8d15221bca46195533

  • SHA512

    6a7eeade8aeea0b1c960c768c3af3047b86e9cdf7db4fd95f50b33afb70c9cb5e5b4f5d34ce0c93580273865d822795bacd5709d9d2f7b123fde255f1aeaaca5

  • SSDEEP

    6144:XDPu5bnZg23M2W9bvhzXBOcSZIZrz9xoTPUSr1OQtLrqXDQvKr9s5eHOaKyo8EP/:XuZVLW9xXBQj1HrS8vuHO7p82cQTs5Sh

Malware Config

Extracted

Family

lokibot

C2

http://104.248.205.66/index.php/modify.php?edit=1

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Törölt fizetési megbízás.cmd

    • Size

      569KB

    • MD5

      6ca48a4a30a1537b228e1c797972734e

    • SHA1

      dcc43dbd8a5cb5e79a9bea6b939861cd60b621c8

    • SHA256

      f028e0d3e43400870c714814ab38d60da657cb6929f88c28be00500cc3315b65

    • SHA512

      b2a558aa48f2f392deabf28ba1b2b7ea10311572c4918d458ad53c089a37f85e0986ed064b637bb708165c1233e6f50fbcf9dcda4b9caad60341218933f21819

    • SSDEEP

      12288:roL3rlW4E0Gx/KskbB0NVGutQKeq53gOdoUkR:Mv4J/KXRutx95oT

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious access to, or copying of, a web browser credential store.

    • Command and Scripting Interpreter: PowerShell

      Runs PowerShell to modify Windows Defender settings, adding exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks