Overview

overview

10

Static

static

1

Piedāvāj...26.hta

windows7-x64

10

Piedāvāj...26.hta

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    30092024_1147_30092024_Piedāvājuma pieprasījums (Ventspils Augstskolas) LV24-0926.rar

  • Size

    4KB

  • Sample

    240930-nx7e7atcqk

  • MD5

    69a23c267b86d7b65af73236ab39fe73

  • SHA1

    2f04cfbb0549523ade1682a379f3e831b41b1adb

  • SHA256

    7f1794570e175bf12769d652c17a60557f3d61952deb5eec61a4a1ba329035c3

  • SHA512

    895edd8d376c97b1b47ea764897b4f67c69c743d7f79fb6b07cbdc7522374e9421a015f7086c4632c0de8920f416f49758a26984cde2f1f6a859b9279db3dd6a

  • SSDEEP

    96:ZHrqW/+4reYgjcDdnTPqADqVMKNjctBOS8770HT:lqW/+ejgwDdTiADq+KNKBO1n0

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://168.100.10.152/index.php/wp.php?view=1

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Piedāvājuma pieprasījums (Ventspils Augstskolas) LV24-0926.hta

    • Size

      7KB

    • MD5

      6478016f557127bcb15e168eb8275c75

    • SHA1

      595e5d9cc7472660ec4e0c182a633014a43c974c

    • SHA256

      acc9d013bc7c54953fd61c5626bcb2378452656ab98a3ef7c9bdeb5b57455933

    • SHA512

      b5a9873d8c1ea36d7aae2e4974f233616221a316deb05ca5dd8b1c423f191c8cd8538f55d13f4d62cc4dab9347bd4b45d93f7dab5acf2d91f7041ceeb578ec46

    • SSDEEP

      96:bpYfMEPTs5q+PgNbvrQZwJrOX32pdF60+oKOnPFIi/fds1R7b8eEj+ErV3/53/yw:yVsiBvrQSNOWp1nh1y7bgq+VRPFih8Gc

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Blocklisted process makes network request

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of NtCreateThreadExHideFromDebugger

    • Suspicious use of NtSetInformationThreadHideFromDebugger

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks