Overview

overview

10

Static

static

3

PO772986.exe

windows7-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    PO772986.exe

  • Size

    656KB

  • Sample

    250226-eksltsxlz8

  • MD5

    04123d5520d6eff585c03e96b02c9446

  • SHA1

    bfebae123679cf50b6a82d53e4557472dc036b95

  • SHA256

    9b9cfba2ff3b094cd28f4483e7520b07ea46d3e99f96f173835c81eaed289221

  • SHA512

    eee6019ac66b9d5cb3a41964a990f9746db4f7bf65147c8bc79591e260a10d55efd8c7572cdbde92a80c88b999076b6a94ee717e8a0074816ba0310801ac2151

  • SSDEEP

    6144:uau3IHhrLZqtmQgfiL0LP9fbvU+GkJsvZ1zrOOPj0If6oM:vu3S1kL8ZFGMiHQICl

Score
10/10
lokibotcollectiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.5/sxisodifntose.php/4LlT7SRZcUYvF

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      PO772986.exe

    • Size

      656KB

    • MD5

      04123d5520d6eff585c03e96b02c9446

    • SHA1

      bfebae123679cf50b6a82d53e4557472dc036b95

    • SHA256

      9b9cfba2ff3b094cd28f4483e7520b07ea46d3e99f96f173835c81eaed289221

    • SHA512

      eee6019ac66b9d5cb3a41964a990f9746db4f7bf65147c8bc79591e260a10d55efd8c7572cdbde92a80c88b999076b6a94ee717e8a0074816ba0310801ac2151

    • SSDEEP

      6144:uau3IHhrLZqtmQgfiL0LP9fbvU+GkJsvZ1zrOOPj0If6oM:vu3S1kL8ZFGMiHQICl

    Score
    10/10
    lokibotcollectiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Lokibot family

      lokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks