Overview

overview

10

Static

static

10

Devil.exe

windows7-x64

10

Devil.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Devil.exe

  • Size

    104KB

  • Sample

    250211-jvxezs1kcz

  • MD5

    eb6beba0181a014ac8c0ec040cb1121a

  • SHA1

    52805384c7cd1b73944525c480792a3d0319b116

  • SHA256

    f87b4e7c69ce161743f4b9b0001d7376e163d615ce477c390f63cadf09ffc5d4

  • SHA512

    0afb9a7d180fe017520afb39e954821f77c8b6e2e11bbf73402dcdade231d07f3b755f40606252c917b51a0f5f32d499b96b30e7f2f617c50e709eae4cd80ae4

  • SSDEEP

    1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://rottot.shop/Devil/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Devil.exe

    • Size

      104KB

    • MD5

      eb6beba0181a014ac8c0ec040cb1121a

    • SHA1

      52805384c7cd1b73944525c480792a3d0319b116

    • SHA256

      f87b4e7c69ce161743f4b9b0001d7376e163d615ce477c390f63cadf09ffc5d4

    • SHA512

      0afb9a7d180fe017520afb39e954821f77c8b6e2e11bbf73402dcdade231d07f3b755f40606252c917b51a0f5f32d499b96b30e7f2f617c50e709eae4cd80ae4

    • SSDEEP

      1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

    Score
    10/10
    lokibotcollectionspywarestealertrojandiscovery

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Lokibot family

      lokibot

    • Downloads MZ/PE file

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection
    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks