Overview

overview

10

Static

static

Detalles d...df.exe

windows7_x64

10

Detalles d...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Detalles del banco.pdf.exe

  • Size

    538KB

  • Sample

    210727-nqfr7e9tg2

  • MD5

    3965feca216cde849f987b614794b46c

  • SHA1

    d5fd435edf3348930b1500d9b10b3b010b07ef99

  • SHA256

    c05b0bc3cde94be7a27b27040cd40864671e9d2be0a0d64fa0865454feaf2190

  • SHA512

    684381a00700a14c9c0bb9b4cb337f00057ccd678c825b3ab3b578ee6a98dd7c8a46fb42734be7a51dbb47ef21d03929428ab17ef2be327259d8c99439757c5b

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

https://zamloki.xyz/des/co/tox.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Detalles del banco.pdf.exe

    • Size

      538KB

    • MD5

      3965feca216cde849f987b614794b46c

    • SHA1

      d5fd435edf3348930b1500d9b10b3b010b07ef99

    • SHA256

      c05b0bc3cde94be7a27b27040cd40864671e9d2be0a0d64fa0865454feaf2190

    • SHA512

      684381a00700a14c9c0bb9b4cb337f00057ccd678c825b3ab3b578ee6a98dd7c8a46fb42734be7a51dbb47ef21d03929428ab17ef2be327259d8c99439757c5b

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks