lokibot | f4033e5baff349334f140f3560640157f8753543576b64e8254f0523c28d1051 | Triage

Submit
Reports

Overview

overview

Static

static

Proof_of_P...2.xlsx

windows7_x64

Proof_of_P...2.xlsx

windows10_x64

5

Sharing

General

Target

Proof_of_Payment_2020112.xlsx
Size

2.0MB
Sample

210122-3f7xf51pga
MD5

153d89ab5de4c8d7283531e179bc4db0
SHA1

ab2948d1dfae6c4a29241dd5c4abe261b5dd0c20
SHA256

f4033e5baff349334f140f3560640157f8753543576b64e8254f0523c28d1051
SHA512

eec417abf49cb12ebb340046d1b1394dd8d0ea4ed49c29b50131de4444a3f99b86dbf99fe87f382541a9eb724f1ea97a0cf5d3cfd738de13c81444718fe8d6c6

Score

10^/10

lokibot ransomware spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Proof_of_Payment_2020112.xlsx

Resource

win7v20201028

lokibot ransomware spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Proof_of_Payment_2020112.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://becharnise.ir/fa11/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Proof_of_Payment_2020112.xlsx
- Size
  
  2.0MB
- MD5
  
  153d89ab5de4c8d7283531e179bc4db0
- SHA1
  
  ab2948d1dfae6c4a29241dd5c4abe261b5dd0c20
- SHA256
  
  f4033e5baff349334f140f3560640157f8753543576b64e8254f0523c28d1051
- SHA512
  
  eec417abf49cb12ebb340046d1b1394dd8d0ea4ed49c29b50131de4444a3f99b86dbf99fe87f382541a9eb724f1ea97a0cf5d3cfd738de13c81444718fe8d6c6
Score

10^/10

lokibot ransomware spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotransomwarespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy