INV-Impot Dos_pdf.exe

General
Target

INV-Impot Dos_pdf.exe

Size

890KB

Sample

210504-sxxflnhpns

Score
10 /10
MD5

deebff890e5a3cf56143a8e5f70c494e

SHA1

c48ca3466b49887848ddd36db47265fb3918ba21

SHA256

bd22e6fdeaeeb5047191e6b7feaeb3a152f43b20b9d464eb51add07c29a1e8de

SHA512

fb790cfb50b58d5100c5997a8faaafc7410d2e52e137990fc2e08358761bbe1dfe1466e2000cc464e22c6191075bdf64202af8fc24b3268875b5bec0be5203e1

Malware Config

Extracted

Family lokibot
C2

https://optimize-apiv2.barantum.com/xx/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets
Target

INV-Impot Dos_pdf.exe

MD5

deebff890e5a3cf56143a8e5f70c494e

Filesize

890KB

Score
10 /10
SHA1

c48ca3466b49887848ddd36db47265fb3918ba21

SHA256

bd22e6fdeaeeb5047191e6b7feaeb3a152f43b20b9d464eb51add07c29a1e8de

SHA512

fb790cfb50b58d5100c5997a8faaafc7410d2e52e137990fc2e08358761bbe1dfe1466e2000cc464e22c6191075bdf64202af8fc24b3268875b5bec0be5203e1

Tags

Signatures

  • Lokibot

    Description

    Lokibot is a Password and CryptoCoin Wallet Stealer.

    Tags

  • Suspicious use of SetThreadContext

Related Tasks

MITRE ATT&CK Matrix
Collection
    Command and Control
      Credential Access
        Defense Evasion
          Discovery
            Execution
              Exfiltration
                Impact
                  Initial Access
                    Lateral Movement
                      Persistence
                        Privilege Escalation
                          Tasks

                          static1

                          behavioral1

                          10/10

                          behavioral2

                          10/10