Overview

overview

10

Static

static

5

Payment Fo...df.exe

windows7_x64

10

Payment Fo...df.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4cb9d954498b547895d47663f6cc738b526549e2dddf04e3cf670b6487ac328f

  • Size

    1.4MB

  • Sample

    220521-w9cqcabca9

  • MD5

    bd7c3916bc25ed28e438c71bac06ef7f

  • SHA1

    3705ecadf5e7094db4e36a408d2f33f3e62a2148

  • SHA256

    4cb9d954498b547895d47663f6cc738b526549e2dddf04e3cf670b6487ac328f

  • SHA512

    2a082d01d794425420766d45d89e1cf46e23f5872429776c12d24acc69d2a638c4208f9969758eabed0ab297fba3d7ca3a4cb18604b6ca8d34cc6cc800b789f2

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://attlogistics-vn.com/first/chief2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Payment Form for Bank related transactions_pdf.exe

    • Size

      1.9MB

    • MD5

      6f22f48b376ad3a849465afe42708dbe

    • SHA1

      48f86146c0366e56cc7fe4af8ee33df0a3c070e3

    • SHA256

      8ba79c48575e0541fe357ea7acfd5e20cf8c6924b293a42c909b8044305c4ec8

    • SHA512

      27143491f7a01d140aed5d72e1c4537ef160415fb7cfa1668fc82463e624abf1e0b71781332144180d7b12d01ddd03b3dac36a05860fee3c496c2d6fa6c7bc1a

    Score
    10/10
    lokibotcollectionspywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks