lokibot | 2e8ccd25523029d5fb95e26d019b7730c0e22d15572c7ddc272828f2e99d9633 | Triage

Submit
Reports

Overview

overview

Static

static

NEW ORDER.xlsx

windows7_x64

NEW ORDER.xlsx

windows10_x64

5

Sharing

General

Target

NEW ORDER.xlsx
Size

2.3MB
Sample

210122-x74hbmnwxj
MD5

5ce08c29f2632b716acc24b405c379a1
SHA1

599f3ed25603c0315ac8f85449c708095069d1ff
SHA256

2e8ccd25523029d5fb95e26d019b7730c0e22d15572c7ddc272828f2e99d9633
SHA512

07cb7e63e526f0a7c82cc0bfaeb27020478304964488fb1215c90fb968b7abcbf7d74e9c80a9109f29c75f298827d13824da6d9b387b455ba0fff330d3013a91

Score

10^/10

lokibot ransomware spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

NEW ORDER.xlsx

Resource

win7v20201028

lokibot ransomware spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

NEW ORDER.xlsx

Resource

win10v20201028

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://becharnise.ir/fa9/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  NEW ORDER.xlsx
- Size
  
  2.3MB
- MD5
  
  5ce08c29f2632b716acc24b405c379a1
- SHA1
  
  599f3ed25603c0315ac8f85449c708095069d1ff
- SHA256
  
  2e8ccd25523029d5fb95e26d019b7730c0e22d15572c7ddc272828f2e99d9633
- SHA512
  
  07cb7e63e526f0a7c82cc0bfaeb27020478304964488fb1215c90fb968b7abcbf7d74e9c80a9109f29c75f298827d13824da6d9b387b455ba0fff330d3013a91
Score

10^/10

lokibot ransomware spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Enumerates physical storage devices
  Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
  ransomware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotransomwarespywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy