Overview

overview

10

Static

static

1

P.O-406252...DA.exe

windows7_x64

10

P.O-406252...DA.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    P.O-406252JSCTEFVILTEDA.exe

  • Size

    323KB

  • Sample

    210624-ftcwx17336

  • MD5

    9dadb67e63bfbc1ed06ae66f9d8b4a6b

  • SHA1

    4cb095c0a0bf8a22759cc9c0117d30f6f0435f75

  • SHA256

    573a2b0730e4da202bbd486ceaf7cf0b9cea7d2ca1a07448ec41e06e419bc104

  • SHA512

    705d38154d49c1118625b3096c9b3953d6479cc30893b4b4a4c13acdca4812700a52038cc5ec41cd922a78cb3e4a9ee792720e6502cb00d988972a66189e6110

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://es02.xyz/w2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      P.O-406252JSCTEFVILTEDA.exe

    • Size

      323KB

    • MD5

      9dadb67e63bfbc1ed06ae66f9d8b4a6b

    • SHA1

      4cb095c0a0bf8a22759cc9c0117d30f6f0435f75

    • SHA256

      573a2b0730e4da202bbd486ceaf7cf0b9cea7d2ca1a07448ec41e06e419bc104

    • SHA512

      705d38154d49c1118625b3096c9b3953d6479cc30893b4b4a4c13acdca4812700a52038cc5ec41cd922a78cb3e4a9ee792720e6502cb00d988972a66189e6110

    Score
    10/10
    lokibotspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Loads dropped DLL

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks