Overview

overview

10

Static

static

0c7b624462...29.exe

windows7_x64

10

0c7b624462...29.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0c7b624462f4f6adc240631b4c6f0ff2b2af456b2d86880716e744d943f10b29.exe

  • Size

    611KB

  • Sample

    201205-h9w6xe43gs

  • MD5

    af6956c3441b679ff98850c499c3c45e

  • SHA1

    de44a12ab89fbecfa350ce21d679c0c04cbe64b2

  • SHA256

    0c7b624462f4f6adc240631b4c6f0ff2b2af456b2d86880716e744d943f10b29

  • SHA512

    0b7cd09d545b703a743c10882e446d2572925d56b3a947480107d6ebc8d6607d527a4898d9eb6dea643a9d969bf5d2da77d65c6778aa8c4bfe2dd532f48b5265

Score
10/10
lokibotpersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.239.242.195/os/2b/cgi.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      0c7b624462f4f6adc240631b4c6f0ff2b2af456b2d86880716e744d943f10b29.exe

    • Size

      611KB

    • MD5

      af6956c3441b679ff98850c499c3c45e

    • SHA1

      de44a12ab89fbecfa350ce21d679c0c04cbe64b2

    • SHA256

      0c7b624462f4f6adc240631b4c6f0ff2b2af456b2d86880716e744d943f10b29

    • SHA512

      0b7cd09d545b703a743c10882e446d2572925d56b3a947480107d6ebc8d6607d527a4898d9eb6dea643a9d969bf5d2da77d65c6778aa8c4bfe2dd532f48b5265

    Score
    10/10
    lokibotpersistencespywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks