Overview

overview

10

Static

static

1

SHIPPMENT ...df.exe

windows7_x64

10

SHIPPMENT ...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SHIPPMENT schedule_MAR.pdf.arj

  • Size

    141KB

  • Sample

    210226-s7qjf9tblx

  • MD5

    de102530b157755ac7fbeae0ad40de8b

  • SHA1

    cd21237155c2bc610be4314cd832c854373145a2

  • SHA256

    22ce96de8c16b982cccd87fb466dccdf5c627eb4638126bf3c9e1fcf1b8f4e6d

  • SHA512

    99cf1f50a9dbf90176a40d8ea1fb76cc15f419f3e73353f607378055acfdc1165357ce1c5fb757586b8ee15d6da6445db813d6779c8258f0b4f40e19fb53a71c

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://becharnise.ir/fb5/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      SHIPPMENT schedule_MAR_pdf.exe

    • Size

      155KB

    • MD5

      0b5550837e5edfd7c31fbe79add38bae

    • SHA1

      12541907e94266a08d49751f7ff3bdc416d7dab5

    • SHA256

      f40992b744d0ec76a95c0ed77b3594bcf906e954a7ebec95d20d033d51c4c23b

    • SHA512

      b8eae2eb6428ee6b68c3a5735a4b905fd30e0bdd33c3fa2c9448c1731be9edfe090db1e80caf2b0b9386e18d0b13adc366e129d39a1902804eb95201ed0f53fc

    Score
    10/10
    lokibotspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks