lokibot | 6f99bf8a88bdc5c7f5ccb5d676684b7e6065b0a2365979def21b5d68ae36fc54

General

Target

2532-6-0x0000000000400000-0x00000000004A2000-memory.dmp
Size

648KB
Sample

240911-1vtgrsvfkp
MD5

45d445f99cae2f626dd139d9f3fdd487
SHA1

4c399d280179cb3cebd8883fc6959d22b2b4bac8
SHA256

6f99bf8a88bdc5c7f5ccb5d676684b7e6065b0a2365979def21b5d68ae36fc54
SHA512

c2460d46b0677c9dbd563846c0d62aaba7eae4bea510676eb82e2de7aeaa0d8dbccb0f2c902776d94e6e6f3d5bc88496500663e0323aadc7589ca4fb87a0050d
SSDEEP

1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score

10^/10

lokibot discovery

Malware Config

Extracted

Family

lokibot

C2

http://touxzw.ir/sweetwhore/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  2532-6-0x0000000000400000-0x00000000004A2000-memory.dmp
- Size
  
  648KB
- MD5
  
  45d445f99cae2f626dd139d9f3fdd487
- SHA1
  
  4c399d280179cb3cebd8883fc6959d22b2b4bac8
- SHA256
  
  6f99bf8a88bdc5c7f5ccb5d676684b7e6065b0a2365979def21b5d68ae36fc54
- SHA512
  
  c2460d46b0677c9dbd563846c0d62aaba7eae4bea510676eb82e2de7aeaa0d8dbccb0f2c902776d94e6e6f3d5bc88496500663e0323aadc7589ca4fb87a0050d
- SSDEEP
  
  1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2