Overview

overview

10

Static

static

ad511691e7...e5.exe

windows7_x64

10

ad511691e7...e5.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ad511691e78c78c8bf5cb7e31b5e5fe5.exe

  • Size

    1.1MB

  • Sample

    200624-awqj6vpm66

  • MD5

    ad511691e78c78c8bf5cb7e31b5e5fe5

  • SHA1

    a5272e4d8c29769c04a9501d3fef43d60e534796

  • SHA256

    8b1e6b21b170c9f30c56b8b600884c31098629e92fabfadf563cdc486ef3c8a0

  • SHA512

    221aba69cc0c548b97141be7b0c7d25b4887701868b4a27abb7b4802183e2370341432a22f1605ad28b71a01fd5f1e216f9aeadc09255f03736679e850c891ab

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://b2bseller.ga/choolee/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      ad511691e78c78c8bf5cb7e31b5e5fe5.exe

    • Size

      1.1MB

    • MD5

      ad511691e78c78c8bf5cb7e31b5e5fe5

    • SHA1

      a5272e4d8c29769c04a9501d3fef43d60e534796

    • SHA256

      8b1e6b21b170c9f30c56b8b600884c31098629e92fabfadf563cdc486ef3c8a0

    • SHA512

      221aba69cc0c548b97141be7b0c7d25b4887701868b4a27abb7b4802183e2370341432a22f1605ad28b71a01fd5f1e216f9aeadc09255f03736679e850c891ab

    Score
    10/10
    spywaretrojanstealerlokibot

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks