Overview

overview

10

Static

static

5

Copy of Tr...df.exe

windows7_x64

10

Copy of Tr...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    7f4d394f5f4dacfaa5e5bde3a9514d9b3abbd3d0141ce34a196da19332212cf3

  • Size

    811KB

  • Sample

    220521-w8vjrsbbg3

  • MD5

    c9239b37b7465b082b5227fed95a9119

  • SHA1

    0616b08cfd858afb1a8c25310625c6d581c9d405

  • SHA256

    7f4d394f5f4dacfaa5e5bde3a9514d9b3abbd3d0141ce34a196da19332212cf3

  • SHA512

    818e410d3ff4e0a977cb35e44e5522a300053a075c671ce15e45d87096239a3200318ad52ab853b4ed247d301b483f5e4a8eaaaed129ce71c88a30669acc2347

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://attlogistics-vn.com/first/chief2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Copy of Transfer Receipt From Our Bank_pdf.exe

    • Size

      1.2MB

    • MD5

      6032263ed6e4d75e4374af139e894457

    • SHA1

      96a525573cda58fba06b33158fc6bac6ff1259eb

    • SHA256

      df74667577ba476da01977b4ef436663d5ae6dfca32eed7e3f307d3b0a4bda47

    • SHA512

      a919e138c107db235dde231ac542b24a9ee77d4ed9029433893e8204fb7cd7cade0523bd43a5fcfcc3306fd82387314171b23739c0a4c4545e118d69b386e76f

    Score
    10/10
    lokibotcollectionspywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks