Overview

overview

10

Static

static

3

Siparişi_...df.exe

windows7-x64

10

Siparişi_...df.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Siparişi_P.O_4029064_Decorgru_pdf.iso

  • Size

    98KB

  • Sample

    230606-ld69zade41

  • MD5

    ac9fb655112fabebd6bf695a1005f878

  • SHA1

    48247ffca4ca860bdb30a3f9212c0243841fd861

  • SHA256

    5d9fb7714788f97c046f3b3c1c2a1e02ecfe10686ab6f2696db8d25e4bd86316

  • SHA512

    689601c7c79e00c4921a00f4b5015ba37b00811cb843a305b74b437fd1a4602d317d264861d47c2178c4711468e8fbc0656bab1437abc16f36d5f780d6a79ac3

  • SSDEEP

    768:/6Nyecx7gKng+pF0WeIUDNC6YGcoMcRC7n8Yila:C0ecx7g+70dIUpC6YFoFo78lla

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://efvsx.cf/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Siparişi_P.O_4029064_Decorgru_pdf.exe

    • Size

      37KB

    • MD5

      7c823274ec6a711a73c4c7df54d1d4cd

    • SHA1

      8c78efece5e8c83205df2b18390b3e53396bd237

    • SHA256

      b432b8aa06d6977b2f87eafa17634e0fded464c7a521e0120c393c4f4d084fc9

    • SHA512

      f6e14be4995d1f74ee9c18f2797035a99ddb95f62f3d1c9dd8b522da290e94e8a32f6a739ee4e930f2c9d3f93eb35cff33b44a8d8bd915b1d0fee14b19e8c475

    • SSDEEP

      768:bNyecx7gKng+pF0WeIUDNC6YGcoMcRC7n8Yila:b0ecx7g+70dIUpC6YFoFo78lla

    Score
    10/10
    lokibotcollectionspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Accesses Microsoft Outlook profiles

      collection

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Email Collection

1
T1114

Exfiltration

Command and Control

Impact

Tasks