lokibot | aecb379bd1a5fd3be43048397e9143660cf038e5a3831564ff2d3258a7551903

General

Target

60fcc651f845bb948397efbc27532ea1_JaffaCakes118
Size

94KB
Sample

240520-y1761afe34
MD5

60fcc651f845bb948397efbc27532ea1
SHA1

a5f4ddc164e30d44c07f24f120a0eba570863b77
SHA256

aecb379bd1a5fd3be43048397e9143660cf038e5a3831564ff2d3258a7551903
SHA512

9745ed56a3b0a7eb5046568e5dc56e74bc692f84e451ae1b939b2edb485ceed8fb0a9a6283859e3f6b4d1d6e7385de4007c3e2e4135203de3b89c70f1c39ee6d
SSDEEP

1536:Dscfg3zK4OrALbXnDC4SiuYzNkN7QrdeOiGhAeVc6jprLZaXpTm4oVof0jR3kfBH:q3zKvALbXnDHZrJHVNaFZ3yhm

Score

10^/10

lokibot

Malware Config

Extracted

Family

lokibot

C2

http://omann.ir/enes/offi/ce/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  1059-7502821dcf68d42012118b9b79f265a5ca5a1212
- Size
  
  201KB
- MD5
  
  f80379bf6ba3bbc351bfe2f27fa15abb
- SHA1
  
  7502821dcf68d42012118b9b79f265a5ca5a1212
- SHA256
  
  a35cce4296e9ab78e9d5d6a762c2fabeff1b59fc5f9e006982cdffa753835b97
- SHA512
  
  29cff5ee0ba8f6147b30755c035e7dd4d34897e2087b96043b486ebec2bd6933ddb0889ec3c4c0dedb7742ea69751167de7e45144023a2c6e0650d1e696135fd
- SSDEEP
  
  3072:kEHlQr71FHBSHIG6mQwGmfOQd8YhY0/EqUG8M8yURta/kN6c42jQ6BeC:ihcd6bUfFdXThUP5yURta/kN6c4Cd
Score

1^/10
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

2

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2