Overview

overview

10

Static

static

scan copy-...df.exe

windows7_x64

10

scan copy-...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    scan copy-2125689_pdf.exe

  • Size

    676KB

  • Sample

    200707-tgflvav9ws

  • MD5

    a78c00ac45e583af6f1f2fdd337e5123

  • SHA1

    1b979ad2f69ab927323b0bc4898e393c4c72eb57

  • SHA256

    e0e2b9ccdeafb58afceb0e90a9365112b5cb9446054e06b18e9ef51841e6f36c

  • SHA512

    93e775c72f0032197c39470b09563a240c40259fb26c28264f40ff82f8c3af7aad2eec69b28a7e158bb8ee546f77d8567734a329ec0c11380e00d4a965a41fe2

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://rostovafile.ga/Colba2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      scan copy-2125689_pdf.exe

    • Size

      676KB

    • MD5

      a78c00ac45e583af6f1f2fdd337e5123

    • SHA1

      1b979ad2f69ab927323b0bc4898e393c4c72eb57

    • SHA256

      e0e2b9ccdeafb58afceb0e90a9365112b5cb9446054e06b18e9ef51841e6f36c

    • SHA512

      93e775c72f0032197c39470b09563a240c40259fb26c28264f40ff82f8c3af7aad2eec69b28a7e158bb8ee546f77d8567734a329ec0c11380e00d4a965a41fe2

    Score
    10/10
    spywaretrojanstealerlokibot

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks