Overview

overview

10

Static

static

5

IMG6690-05...ES.exe

windows7_x64

10

IMG6690-05...ES.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    48290438a9422960ffc63c428a9645de43d2a9a0cda9f35b0d37ac32a232ccc7

  • Size

    959KB

  • Sample

    220521-w8avcsedfj

  • MD5

    acbde86c9bef655fef24a316a7ee0bc8

  • SHA1

    2fe466bd440755c566d0155449c596a47ab537ec

  • SHA256

    48290438a9422960ffc63c428a9645de43d2a9a0cda9f35b0d37ac32a232ccc7

  • SHA512

    c54c9d327235a002bcd26f2011eb456d22331a0e4817a04927dec0b7224bb1b78480af022dd0f3db20a31ca3e9bf18acf18ce6b9996e28e9e6349a2f087b7380

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://mecharnise.ir/da9/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      IMG6690-05-2020 BANK ORDER SCAN COPIES.exe

    • Size

      1.4MB

    • MD5

      487def2d050ef8844a197e363c931f0b

    • SHA1

      d03cc28af3ca143ef308bb8bbf11bdfa76b8118c

    • SHA256

      77acad55f36e96de7a8d2d37abc8faee5795196c67a89ae0b283f9076ea45c51

    • SHA512

      588d43bf39b57a88f3425759245b29513e2d2bef8e9fd6bf678a11a9383de4270fa96e364dd0103484b3cc2851e08b9c76d717c09627373e65cdb38cd0acc945

    Score
    10/10
    lokibotcollectionspywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks