Overview

overview

10

Static

static

3

5b82fc5190...e6.exe

windows7-x64

10

5b82fc5190...e6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    5b82fc5190c0d6644a7eabdf20be1dfdd96d7d8a46d3c329ba2a48b96f7e26e6.exe

  • Size

    377KB

  • Sample

    241005-bq4z9sxcmj

  • MD5

    6746fbb343ddec70416177f77ef83c2a

  • SHA1

    13a2698094e6513427c06721df1cc5de2132d5f4

  • SHA256

    5b82fc5190c0d6644a7eabdf20be1dfdd96d7d8a46d3c329ba2a48b96f7e26e6

  • SHA512

    4106edbf6a07e209045bdce8286f9cb5c9983afb21551419c32228a4eb1e87c57c88cb7615c67a263d036a892edab1cc6d4f46e33116f65c4405955a7e8cc3a4

  • SSDEEP

    6144:Bck/TkPW2vPboDIW8rxp+Q8TA6muV4UByhH9D2B2VP15AHAWJCO/9MCURXrtSygU:xXGTo0hr+Q8TBmuaGu9aB2VP1x0ErtSK

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://freighteightonecam.sytes.net/ndifygidj/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      5b82fc5190c0d6644a7eabdf20be1dfdd96d7d8a46d3c329ba2a48b96f7e26e6.exe

    • Size

      377KB

    • MD5

      6746fbb343ddec70416177f77ef83c2a

    • SHA1

      13a2698094e6513427c06721df1cc5de2132d5f4

    • SHA256

      5b82fc5190c0d6644a7eabdf20be1dfdd96d7d8a46d3c329ba2a48b96f7e26e6

    • SHA512

      4106edbf6a07e209045bdce8286f9cb5c9983afb21551419c32228a4eb1e87c57c88cb7615c67a263d036a892edab1cc6d4f46e33116f65c4405955a7e8cc3a4

    • SSDEEP

      6144:Bck/TkPW2vPboDIW8rxp+Q8TA6muV4UByhH9D2B2VP15AHAWJCO/9MCURXrtSygU:xXGTo0hr+Q8TBmuaGu9aB2VP1x0ErtSK

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks