Overview

overview

10

Static

static

5

E-PAYMENT_pdf.exe

windows7_x64

10

E-PAYMENT_pdf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8716374c3ecca5fbd8146c1fb51bd84077289ed6b0bfe3e49e4eda26df71bfba

  • Size

    1.2MB

  • Sample

    220521-xzb7hacgg2

  • MD5

    1c16936360390e4418aaf7c86620e32b

  • SHA1

    4e57d3be422d925fcfda5f3c3220e2159d1a70e6

  • SHA256

    8716374c3ecca5fbd8146c1fb51bd84077289ed6b0bfe3e49e4eda26df71bfba

  • SHA512

    28054562574a4eb4863652342418cac36850f577b05207dcad63dfb9a99c7bdfa9738deead18458a494d8247a85b11b15f867c0c8f306e4dfbebf7abdad8acd7

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://attlogistics-vn.com/first/chief2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      E-PAYMENT_pdf.exe

    • Size

      1.7MB

    • MD5

      fab80b972db111752b33a39d8f3df38c

    • SHA1

      c5b4e459e0aaefb9ede9006e79ab6d80837f35e2

    • SHA256

      636c1b018b9508a33351d294d62694ba03f27587f1f7bc7cf315bddbce3190c3

    • SHA512

      2f5af0feaa5ac977cdc464aa4f9ebce8ede20b28a52c4189bcb886946b89a5a0c1d0021fc54506a82de52ed5e53b6beb5a9699a432938f393e81592cf4a1c97a

    Score
    10/10
    lokibotcollectionspywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks