Overview

overview

10

Static

static

1

d859b65841...32.exe

windows7-x64

10

d859b65841...32.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    d859b658417fc5c9aaf0d48deb3ff84420107c9419b4fe2b95a1079e711ac432.exe

  • Size

    699KB

  • Sample

    241122-xf68jawmex

  • MD5

    38207dadf8e4e4b1767fa92ac77be33a

  • SHA1

    77cc947be7e5acc239cf176d108ccca91555d5c6

  • SHA256

    d859b658417fc5c9aaf0d48deb3ff84420107c9419b4fe2b95a1079e711ac432

  • SHA512

    5f6dc5e247f7088b142c6eea2248f5c48f09f47336eaf98df05b0c164bbf387e084d2dfea41a8b2973cab166e2c937346e4e0e766223e6fed5b454ab6f806b4b

  • SSDEEP

    12288:uB2zj/+CrtawWTlTmLkHN6DSG8cFaVVfRYDEF/ct7oSFduBCTb6HIALUdXVfIy6:HaC0wIlTWkHoDfFabRYDEFk5oSX4CTWD

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://smartcamainpowerizman.sytes.net/ioknfbgj/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      d859b658417fc5c9aaf0d48deb3ff84420107c9419b4fe2b95a1079e711ac432.exe

    • Size

      699KB

    • MD5

      38207dadf8e4e4b1767fa92ac77be33a

    • SHA1

      77cc947be7e5acc239cf176d108ccca91555d5c6

    • SHA256

      d859b658417fc5c9aaf0d48deb3ff84420107c9419b4fe2b95a1079e711ac432

    • SHA512

      5f6dc5e247f7088b142c6eea2248f5c48f09f47336eaf98df05b0c164bbf387e084d2dfea41a8b2973cab166e2c937346e4e0e766223e6fed5b454ab6f806b4b

    • SSDEEP

      12288:uB2zj/+CrtawWTlTmLkHN6DSG8cFaVVfRYDEF/ct7oSFduBCTb6HIALUdXVfIy6:HaC0wIlTWkHoDfFabRYDEFk5oSX4CTWD

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Lokibot family

      lokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks