Overview

overview

10

Static

static

3

c58c8ef304...1a.exe

windows7-x64

3

c58c8ef304...1a.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    c58c8ef304569dc14905621c03d617eb2ac6d492bf4155f40663417a44724e1a

  • Size

    181KB

  • Sample

    240918-qyqj6stekd

  • MD5

    90b74db5b66c1caa3d3dcac028249061

  • SHA1

    e6bec069163182d6f147a726606afed47c9fc0bf

  • SHA256

    c58c8ef304569dc14905621c03d617eb2ac6d492bf4155f40663417a44724e1a

  • SHA512

    43dc20a5274f69765ef7a76397f535b69d91808c760b13ec7f667a907ee9af6311d1eee243ed009e474c94911aa1f43131c56f8b736c12d15205d0219ac16262

  • SSDEEP

    3072:loi+i2csAinGOskRYlRPQhD/j1ctnTd+ct2kwvKEAmjc+S:pUsnIMR3EAmg+

Score
10/10
lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://dddotx.shop/Mine/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      c58c8ef304569dc14905621c03d617eb2ac6d492bf4155f40663417a44724e1a

    • Size

      181KB

    • MD5

      90b74db5b66c1caa3d3dcac028249061

    • SHA1

      e6bec069163182d6f147a726606afed47c9fc0bf

    • SHA256

      c58c8ef304569dc14905621c03d617eb2ac6d492bf4155f40663417a44724e1a

    • SHA512

      43dc20a5274f69765ef7a76397f535b69d91808c760b13ec7f667a907ee9af6311d1eee243ed009e474c94911aa1f43131c56f8b736c12d15205d0219ac16262

    • SSDEEP

      3072:loi+i2csAinGOskRYlRPQhD/j1ctnTd+ct2kwvKEAmjc+S:pUsnIMR3EAmg+

    Score
    10/10
    discoverylokibotcollectioncredential_accessspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Credentials from Password Stores: Credentials from Web Browsers

      Malicious Access or copy of Web Browser Credential store.

      credential_accessstealer

    • Downloads MZ/PE file

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks