Overview

overview

10

Static

static

ORDER.exe

windows7_x64

10

ORDER.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    ORDER.exe

  • Size

    789KB

  • Sample

    210624-5bkyabber2

  • MD5

    b954b768fcdca7acd4a9e43715139650

  • SHA1

    343bd24a325dfd24f7ccb0ece3052175c7187002

  • SHA256

    f35a2268af460c9d1dd472608376c7877aca3b037e030ee6366d2e41a1f25818

  • SHA512

    31994bbcfe804827574c2f9148768ceb8c120afbd0c0275b62448b83044c270982f11e813b83c65243782203279540a12eeba84fb67904e8a6b2c73ac7fa2001

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://192.119.111.43/smack/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      ORDER.exe

    • Size

      789KB

    • MD5

      b954b768fcdca7acd4a9e43715139650

    • SHA1

      343bd24a325dfd24f7ccb0ece3052175c7187002

    • SHA256

      f35a2268af460c9d1dd472608376c7877aca3b037e030ee6366d2e41a1f25818

    • SHA512

      31994bbcfe804827574c2f9148768ceb8c120afbd0c0275b62448b83044c270982f11e813b83c65243782203279540a12eeba84fb67904e8a6b2c73ac7fa2001

    Score
    10/10
    lokibotspywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

Scheduled Task

1
T1053

Privilege Escalation

Scheduled Task

1
T1053

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks