Overview

overview

10

Static

static

PTI invoic...6..exe

windows7_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    624222e2621e27d2fa7e5501300b150ab8ba8fbdd92a1ca108d641b0f34d6926

  • Size

    608KB

  • Sample

    210727-zqpmapwln6

  • MD5

    9d53896a7df157fdf95bdfce99f39098

  • SHA1

    e3b33ce2a4d620fb2ed166f0df7e330338355f2f

  • SHA256

    624222e2621e27d2fa7e5501300b150ab8ba8fbdd92a1ca108d641b0f34d6926

  • SHA512

    e6ca9706a776c7f898279184265f68ff24eac76cbcc0b875199521a119df6365a9abda4d6c72d5c2bfeef0b1a53ff09965f274fff738dd2dd0d650035c9f8298

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://abixmaly.duckdns.org/binge/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      PTI invoice of oc 4f -36..exe

    • Size

      849KB

    • MD5

      7d4c0543f30b67b2d2c30cc548d2b725

    • SHA1

      dacea8e26c5e8d50f8aa65a0c76fbfc6db24c8e0

    • SHA256

      5c932da9805dcfbf5d7188eb6e0938c13b3291cdb11be5564cb446a07cd12011

    • SHA512

      c3a1139c74b01ebedabcb128eb8a57661c41aa1684ae244d12a1b3765bce455528ea115fa922af44720e5fedc1cfbe019c63db25d7886fb96f006db1c5b31e0a

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Matrix

Tasks