lokibot | a79236b40db7333b042cf5090d80fe0964a6cf54661e05df343e570f6b424391

General

Target

a79236b40db7333b042cf5090d80fe0964a6cf54661e05df343e570f6b424391N.exe
Size

648KB
Sample

241216-2p8vyatkcl
MD5

6bd8a599619c9697a57cd60b0f7157b0
SHA1

0923a839834913a82a1c0a5e68d3c0d1706b3fc5
SHA256

a79236b40db7333b042cf5090d80fe0964a6cf54661e05df343e570f6b424391
SHA512

df6d8734f76e55fa08a898c7bef1cff92cddf4bc61c69c4d8e347ef638e2b4effc925b19e6422250235e68aaea32b16d6134019880e552717aa2e113b1a5bbf5
SSDEEP

1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqaIzmd:nSHIG6mQwGmfOQd8YhY0/ErUG

Score

10^/10

lokibot discovery

Malware Config

Extracted

Family

lokibot

C2

http://alimatata.topendpower.top/_errorpages/alimatata/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  a79236b40db7333b042cf5090d80fe0964a6cf54661e05df343e570f6b424391N.exe
- Size
  
  648KB
- MD5
  
  6bd8a599619c9697a57cd60b0f7157b0
- SHA1
  
  0923a839834913a82a1c0a5e68d3c0d1706b3fc5
- SHA256
  
  a79236b40db7333b042cf5090d80fe0964a6cf54661e05df343e570f6b424391
- SHA512
  
  df6d8734f76e55fa08a898c7bef1cff92cddf4bc61c69c4d8e347ef638e2b4effc925b19e6422250235e68aaea32b16d6134019880e552717aa2e113b1a5bbf5
- SSDEEP
  
  1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqaIzmd:nSHIG6mQwGmfOQd8YhY0/ErUG
Score

3^/10

discovery
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2