Overview

overview

10

Static

static

Detalles d...df.exe

windows7_x64

10

Detalles d...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Detalles de pago PROVV0003654043.pdf.exe

  • Size

    393KB

  • Sample

    210727-4g1jx6ex6a

  • MD5

    4d85e6c70760761a009957e9db240df0

  • SHA1

    729128422d7b4c6939f13a4f9f19b72976222a01

  • SHA256

    32894ea1274b19405c61b1ef24059a7e6b2854984a4c5ab6f349899ba64696ff

  • SHA512

    acac07d01c08eec2e9d65642acc2ff7b9f850f30d753f16c9081826834e7f8282e9ef1109d1129e8f9cc6c176a430daf8fafced964825820027d958010ecf6eb

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://ccjjlogsx.com/uu/me/ii.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Detalles de pago PROVV0003654043.pdf.exe

    • Size

      393KB

    • MD5

      4d85e6c70760761a009957e9db240df0

    • SHA1

      729128422d7b4c6939f13a4f9f19b72976222a01

    • SHA256

      32894ea1274b19405c61b1ef24059a7e6b2854984a4c5ab6f349899ba64696ff

    • SHA512

      acac07d01c08eec2e9d65642acc2ff7b9f850f30d753f16c9081826834e7f8282e9ef1109d1129e8f9cc6c176a430daf8fafced964825820027d958010ecf6eb

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks