Overview

overview

10

Static

static

10

1059-75028...12.exe

windows7-x64

1

1059-75028...12.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    60fcc651f845bb948397efbc27532ea1_JaffaCakes118

  • Size

    94KB

  • Sample

    240520-y1761afe34

  • MD5

    60fcc651f845bb948397efbc27532ea1

  • SHA1

    a5f4ddc164e30d44c07f24f120a0eba570863b77

  • SHA256

    aecb379bd1a5fd3be43048397e9143660cf038e5a3831564ff2d3258a7551903

  • SHA512

    9745ed56a3b0a7eb5046568e5dc56e74bc692f84e451ae1b939b2edb485ceed8fb0a9a6283859e3f6b4d1d6e7385de4007c3e2e4135203de3b89c70f1c39ee6d

  • SSDEEP

    1536:Dscfg3zK4OrALbXnDC4SiuYzNkN7QrdeOiGhAeVc6jprLZaXpTm4oVof0jR3kfBH:q3zKvALbXnDHZrJHVNaFZ3yhm

Score
10/10
lokibot

Malware Config

Extracted

Family

lokibot

C2

http://omann.ir/enes/offi/ce/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      1059-7502821dcf68d42012118b9b79f265a5ca5a1212

    • Size

      201KB

    • MD5

      f80379bf6ba3bbc351bfe2f27fa15abb

    • SHA1

      7502821dcf68d42012118b9b79f265a5ca5a1212

    • SHA256

      a35cce4296e9ab78e9d5d6a762c2fabeff1b59fc5f9e006982cdffa753835b97

    • SHA512

      29cff5ee0ba8f6147b30755c035e7dd4d34897e2087b96043b486ebec2bd6933ddb0889ec3c4c0dedb7742ea69751167de7e45144023a2c6e0650d1e696135fd

    • SSDEEP

      3072:kEHlQr71FHBSHIG6mQwGmfOQd8YhY0/EqUG8M8yURta/kN6c42jQ6BeC:ihcd6bUfFdXThUP5yURta/kN6c4Cd

    Score
    1/10
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2
T1012

System Information Discovery

2
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks