documentos de pago.PDF.exe

General
Target

documentos de pago.PDF.exe

Size

760KB

Sample

210113-zahrfbrtfn

Score

10/10

MD5

449a403a895a0beb86e417a9d15d87f5

SHA1

4fb0f44bf5f2c74d52c03a0cdc48f4e514074238

SHA256

8d8a89300b4181a94e643c905af2518999195c6c9ada68e66d64be4ef3af42fe

SHA512

af4e58b4d5998dc740df4efe8ceb0d611e96ae6b0d43b315cc5dc4dedf0c3c5b0b30df03c4e6b3ea4534d5d66d2597a277a5a5ccc2897da3c336174110a908c0

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/qElaNgWyezEFV

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

  • Lokibot

    Description

    Lokibot is a Password and CryptoCoin Wallet Stealer.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Collection
  • Command and Control
  • Credential Access
  • Defense Evasion
  • Discovery
  • Execution
  • Exfiltration
  • Impact
  • Initial Access
  • Lateral Movement
  • Persistence
  • Privilege Escalation

Tasks

  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10