Overview

overview

10

Static

static

SOLICITUD ...df.exe

windows7_x64

10

SOLICITUD ...df.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    SOLICITUD DE OFERTA 30-07-2020#U00b7pdf.exe

  • Size

    673KB

  • Sample

    200731-y72nvcwrb2

  • MD5

    29b2cd758504e00f56cc7d3c00b931b0

  • SHA1

    69980dd99c9fb7d9387ebaec61ca1b7825bd7581

  • SHA256

    94630a91f277bfe6a933d9db3f55cf7b6508979474440bc1639b1dd763169869

  • SHA512

    0f5f6cfb9367e62477f4a42647ce002e6a26b7cd2504846132e02e5f0b6c894d34b75c2d025bbeb86ffdd905f6e57f5b4b1529fb5ece7deaf658f347d3b7ad99

Score
10/10
lokibotspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://195.69.140.147/.op/cr.php/TAvyWQRo1IIY4

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      SOLICITUD DE OFERTA 30-07-2020#U00b7pdf.exe

    • Size

      673KB

    • MD5

      29b2cd758504e00f56cc7d3c00b931b0

    • SHA1

      69980dd99c9fb7d9387ebaec61ca1b7825bd7581

    • SHA256

      94630a91f277bfe6a933d9db3f55cf7b6508979474440bc1639b1dd763169869

    • SHA512

      0f5f6cfb9367e62477f4a42647ce002e6a26b7cd2504846132e02e5f0b6c894d34b75c2d025bbeb86ffdd905f6e57f5b4b1529fb5ece7deaf658f347d3b7ad99

    Score
    10/10
    spywaretrojanstealerlokibot

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1
T1081

Discovery

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Impact

Tasks