Overview

overview

10

Static

static

5

RFQ_PDF.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    RFQ_PDF.arj

  • Size

    533KB

  • Sample

    240617-krnt4sxcmp

  • MD5

    3712b26d19bc6b737fe4efdbbba161d3

  • SHA1

    8fc551b37f5378a425f0247f41d48584a72b1246

  • SHA256

    5f8d5465ca543c43e092633df12e87a4c64e1bbe46383696e57363665513e35f

  • SHA512

    3f165561d62fc2b4670eb9fa725c6a68f80da81e4bfe3ce2551c68242d8716be16f24ca4592768d42b546f59d76432a4c60730324ea5fcb5d5a0f8605d0f0f13

  • SSDEEP

    12288:VHE4Ag5BXcj6jXEjwVj9KNzIwB32SVo43Pp7al2kC:Vk4Ag5BXcj6ojZNQSVo43PdpV

Score
10/10
lokibotcollectionspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

https://edgewell.cam/DV2/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      RFQ_PDF.exe

    • Size

      961KB

    • MD5

      0a992633e64cdfb5cf4d7e8991ab6a6e

    • SHA1

      2799fc17e93b9b386cf47d4968c7e9a0b95c226d

    • SHA256

      5909649b24c15202df7a9f3f9896396d31d449f8b7e736c076ad771d03267f5b

    • SHA512

      19a1858f99e98f050beb686039f6f0acaef206739376c8d2bd006c6c571f3fcbd00cfd1c84e70deabb92802dfde59dc9abcbf955db3d16269fa0114298877992

    • SSDEEP

      12288:ptb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSga2TAo4fPB7aLqPT6A:ptb20pkaCqT5TBWgNQ7aOAo4fP1DT6A

    Score
    10/10
    lokibotcollectionspywarestealertrojan
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks