Overview

overview

10

Static

static

updated file_pdf.exe

windows7_x64

10

updated file_pdf.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    updated file_pdf.exe

  • Size

    914KB

  • Sample

    200629-spx46twcea

  • MD5

    7a3e1f5c0c498fc33db2702be21d2073

  • SHA1

    298d99bd858bdf19a2874a5e8bd5f655c7695974

  • SHA256

    0c287d78aae1e3f907ce09a6750eea328153e32598726a505651ab5ca1ee573e

  • SHA512

    47773a2b34a887d9a9ab57cf9a5765960066822eeac9458a0a218de99cef275ab6ddd767784be4d3176e40c2e7f924b006b2b2dcc391f17f95e3e92b4656b7ac

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://195.69.140.147/.op/cr.php/SczbkxCQZQyVr

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      updated file_pdf.exe

    • Size

      914KB

    • MD5

      7a3e1f5c0c498fc33db2702be21d2073

    • SHA1

      298d99bd858bdf19a2874a5e8bd5f655c7695974

    • SHA256

      0c287d78aae1e3f907ce09a6750eea328153e32598726a505651ab5ca1ee573e

    • SHA512

      47773a2b34a887d9a9ab57cf9a5765960066822eeac9458a0a218de99cef275ab6ddd767784be4d3176e40c2e7f924b006b2b2dcc391f17f95e3e92b4656b7ac

    Score
    10/10
    spywaretrojanstealerlokibot

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks