Overview

overview

10

Static

static

4930505aa3...4f.exe

windows7_x64

10

4930505aa3...4f.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4930505aa3f93d1a2208358ebe555b87c16222da150fd728c2a92f1d0dcf774f.exe

  • Size

    604KB

  • Sample

    201205-t33ed9dcyn

  • MD5

    5e90cbe0ca793c5f2f41b38efd18e063

  • SHA1

    82cb121be4fe27f2c686eb2491f068e8577f5de7

  • SHA256

    4930505aa3f93d1a2208358ebe555b87c16222da150fd728c2a92f1d0dcf774f

  • SHA512

    302d6401959105e5009fc585002bf0a950d50e397a42ed8e15be82376b57897ab2d741e1df591c9e7fa32e8bc5aad7a08fa3fa6f62fcfec0cb16d996c645398e

Score
10/10
lokibotpersistencespywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://185.239.242.195/po1/1/cgi.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      4930505aa3f93d1a2208358ebe555b87c16222da150fd728c2a92f1d0dcf774f.exe

    • Size

      604KB

    • MD5

      5e90cbe0ca793c5f2f41b38efd18e063

    • SHA1

      82cb121be4fe27f2c686eb2491f068e8577f5de7

    • SHA256

      4930505aa3f93d1a2208358ebe555b87c16222da150fd728c2a92f1d0dcf774f

    • SHA512

      302d6401959105e5009fc585002bf0a950d50e397a42ed8e15be82376b57897ab2d741e1df591c9e7fa32e8bc5aad7a08fa3fa6f62fcfec0cb16d996c645398e

    Score
    10/10
    lokibotpersistencespywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks