lokibot | c1846570bb0f165cbf376b88cf51fd8bc54dd055facdd992e8c7e0c28cbc238a | Triage

Submit
Reports

Overview

overview

Static

static

HSBC Payme...y.xlsx

windows7_x64

HSBC Payme...y.xlsx

windows10_x64

5

Sharing

General

Target

HSBC Payment copy.xlsx
Size

2.1MB
Sample

210122-vlywnpctra
MD5

4202a6f44d40ec7811ac7fa371360f62
SHA1

53b5dc8875711fc8782a5e688125489a0596ab4f
SHA256

c1846570bb0f165cbf376b88cf51fd8bc54dd055facdd992e8c7e0c28cbc238a
SHA512

a1d8865d45f9217d7015705b9ce7d41b3f4d342b9f573c4468f469591bea1d02675e958b3cd27fb31126ebfddb5bee0f7fdb170c8333249ae02743e17b4ace3f

Score

10^/10

lokibot ransomware spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

HSBC Payment copy.xlsx

Resource

win7v20201028

lokibot ransomware spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

HSBC Payment copy.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://zunlen.com/chief/jojo/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  HSBC Payment copy.xlsx
- Size
  
  2.1MB
- MD5
  
  4202a6f44d40ec7811ac7fa371360f62
- SHA1
  
  53b5dc8875711fc8782a5e688125489a0596ab4f
- SHA256
  
  c1846570bb0f165cbf376b88cf51fd8bc54dd055facdd992e8c7e0c28cbc238a
- SHA512
  
  a1d8865d45f9217d7015705b9ce7d41b3f4d342b9f573c4468f469591bea1d02675e958b3cd27fb31126ebfddb5bee0f7fdb170c8333249ae02743e17b4ace3f
Score

10^/10

lokibot ransomware spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotransomwarespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy