General

  • Target

    SHIPPMENT schedule_MAR.pdf.arj

  • Size

    134KB

  • Sample

    210226-7qeemvwvex

  • MD5

    ad38cb0c12209954168a3fd00304a066

  • SHA1

    d551924b1653af70c302926011752db57e4fecf4

  • SHA256

    fb47f63aa76d3d93d9de692bc91961d885e320525a9ac37a917ca69570d962fa

  • SHA512

    2be48d4f3fb2bff555586e0c995dd6df222d9819ae1a077f4bb7132ff76b770b646acd904dcd9b42e69a2f501932e3b0207214bda8930e4816ebde22ddfeec44

Malware Config

Extracted

  • Family

    lokibot

  • C2

    http://becharnise.ir/fb5/fre.php
    http://kbfvzoboss.bid/alien/fre.php
    http://alphastand.trade/alien/fre.php
    http://alphastand.win/alien/fre.php
    http://alphastand.top/alien/fre.php

Targets

    • Target

      SHIPPMENT schedule_MAR_pdf.exe

    • Size

      148KB

    • MD5

      d11cc82aa25ccf205491dfc2dc182422

    • SHA1

      e7b78fdf8720f7ce6c473fe36cdd3054fac339b8

    • SHA256

      8c772d9370e0553312c599e768351e56c8a8acdf4abd59cd1ea10d5a9a7f3d75

    • SHA512

      8f13ae8b2558051c0cae3753720195cce20eb79373011f4f20821d8d3684df0ead5597cc47066de11531a4f0cb8080122747990b76a426c42b08eeaf44d74739

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Executes dropped EXE

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6