Overview

overview

10

Static

static

5

Scan_Doc_pdf.exe

windows7_x64

10

Scan_Doc_pdf.exe

windows10-2004_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    8abf8a5e71416f0939a52379f0fe6d91cf7ec97e58cda4c4d4b488e6a190444a

  • Size

    1.4MB

  • Sample

    220521-xze86acgg3

  • MD5

    444fa79a883c46c86c888a25e621f183

  • SHA1

    4bb6e4e354581b7f0118c3b60ae99ddaa6b9ef22

  • SHA256

    8abf8a5e71416f0939a52379f0fe6d91cf7ec97e58cda4c4d4b488e6a190444a

  • SHA512

    8abe8d71671ff42971bc11593eb878765b06dac4bbc8d1fc9aac7e3beae3e2abeaf0aca6b315102e42e84dd212523bd2d1484561e8483e8f6e7f6fb57db8f23a

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://aesseal-my.com/first/chief1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Scan_Doc_pdf.exe

    • Size

      1.9MB

    • MD5

      d31abffc25e20264d1fa0ccd9bf3341c

    • SHA1

      66a1fd52c3be512f2a190116957e61114cdc18f3

    • SHA256

      0d6a98a80e0553364229b9d4fbd708f6c723c68aa3e8db535209bcc88c0af435

    • SHA512

      39235aa58620e9a739f8ed639c37c0808dbb010c27f4001ff77448edc3e16f134b9d00d313cac96ad92a8da822f49020cc609b30d013df5c937aaa1cc7fc430b

    Score
    10/10
    lokibotcollectionspywarestealertrojan
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks