General

  • Target

    Checllist.exe

  • Size

    1.3MB

  • Sample

    250214-qy7hpaxqen

  • MD5

    0ffdc61f8ca663c84e9694bc3584be26

  • SHA1

    1e081083bf4a64a008bfede3afbb11a05832a036

  • SHA256

    c1bafa23c5ab432038bcbb5f241811e784a55dfbe33242bf3f6cd695db34215d

  • SHA512

    9b2a13991278e2942105b58d3b5f7ab531b73d8ee46ecb8f5c9abccd2b5a307c49f6a801211b8b4e244304565737a019276f07761f7b5b16e8ec360317ace880

  • SSDEEP

    24576:au6J33O0c+JY5UZ+XC0kGso6FaeSVAb8lBbWY:su0c++OCvkGs9FaeSoY

Malware Config

Extracted

Family

lokibot

C2

http://94.156.177.41/alpha/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Lokibot family

    • Downloads MZ/PE file

    • Drops startup file

    • Executes dropped EXE

    • Loads dropped DLL

    • Accesses Microsoft Outlook profiles

    • AutoIT Executable

      AutoIT scripts compiled to PE executables.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks