Overview

overview

10

Static

static

1

comprobant...df.exe

windows7_x64

10

comprobant...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    comprobante de pago $ 60,250·pdf.exe

  • Size

    156KB

  • Sample

    210226-k3lh7b3n8e

  • MD5

    f236c5ab7d649c9a0cf41cd630625c8e

  • SHA1

    de36fd44128dfe472c5608db4eb5877c968da4f9

  • SHA256

    97a715f8f119a00b01a264f4206bcb050fa0eb9a87d775d3c1acbeb89536da53

  • SHA512

    e3158a904d6a30226f5b1381b8b50a12e604aca4ca5d2f7c64c07e42c75aacae6083e24b188afd9be59ee8d246e02f41150d02ee1b5ee9d81d075d28f049c18e

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/S7zr5v1fXI3Rb

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      comprobante de pago $ 60,250·pdf.exe

    • Size

      156KB

    • MD5

      f236c5ab7d649c9a0cf41cd630625c8e

    • SHA1

      de36fd44128dfe472c5608db4eb5877c968da4f9

    • SHA256

      97a715f8f119a00b01a264f4206bcb050fa0eb9a87d775d3c1acbeb89536da53

    • SHA512

      e3158a904d6a30226f5b1381b8b50a12e604aca4ca5d2f7c64c07e42c75aacae6083e24b188afd9be59ee8d246e02f41150d02ee1b5ee9d81d075d28f049c18e

    Score
    10/10
    lokibotspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks