Overview

overview

10

Static

static

shipping d...df.exe

windows7_x64

10

shipping d...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    shipping documentpdf.exe

  • Size

    747KB

  • Sample

    210810-bc1p4h17jx

  • MD5

    63daf591a4338cdf51c53fc63b2a66e4

  • SHA1

    e9c8d30554f84827229461c5e54a1c3e0c0c7f22

  • SHA256

    1cf9b819c1ad4771f76ba564223d010bd1eff0f396810dd48b1e3df4eeedca50

  • SHA512

    f04955f654c354ddeb4dbb339cf32c623c8f4d040272a03097248945891d1c766d9aa697ea49eeece023f0684d1411299b7fcf7513459ecb1134933e58ae100f

Score
10/10
lokibotspywarestealersuricatatrojan

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd16/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      shipping documentpdf.exe

    • Size

      747KB

    • MD5

      63daf591a4338cdf51c53fc63b2a66e4

    • SHA1

      e9c8d30554f84827229461c5e54a1c3e0c0c7f22

    • SHA256

      1cf9b819c1ad4771f76ba564223d010bd1eff0f396810dd48b1e3df4eeedca50

    • SHA512

      f04955f654c354ddeb4dbb339cf32c623c8f4d040272a03097248945891d1c766d9aa697ea49eeece023f0684d1411299b7fcf7513459ecb1134933e58ae100f

    Score
    10/10
    lokibotspywarestealersuricatatrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • suricata: ET MALWARE LokiBot Checkin

      suricata: ET MALWARE LokiBot Checkin

      suricata

    • suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

      suricata

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix

Tasks