lokibot | ce47c3f3359a2f2dd2de306544df0e10cf5cefebfccf8d556432918622487f25 | Triage

Submit
Reports

Overview

overview

Static

static

new_order.doc.docx

windows7_x64

new_order.doc.docx

windows10_x64

1

Sharing

General

Target

new_order.doc.docx
Size

10KB
Sample

210421-fkdn2c39d6
MD5

eb9b4decb03b5c81b5f4c0cc9dd5758f
SHA1

22ee73cf80deaf3122cc4e9fd45b062f71b4e2f4
SHA256

ce47c3f3359a2f2dd2de306544df0e10cf5cefebfccf8d556432918622487f25
SHA512

f3baddcc36936c75ae6efc335db1bc53d6c9827c840dc34e1a9afe58a2dc9c1c285089986f165a2b0451eb1fb9a18d18143ef3f2c29b04aaccfb297f04c173ad

Score

10^/10

lokibot spyware stealer trojan websettings

Static task

static1

Behavioral task

behavioral1

Sample

new_order.doc.docx

Resource

win7v20210410

lokibot spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

new_order.doc.docx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://bit.do/fQyhA

Extracted

Family

lokibot

C2

http://amrp.tw/kayo/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  new_order.doc.docx
- Size
  
  10KB
- MD5
  
  eb9b4decb03b5c81b5f4c0cc9dd5758f
- SHA1
  
  22ee73cf80deaf3122cc4e9fd45b062f71b4e2f4
- SHA256
  
  ce47c3f3359a2f2dd2de306544df0e10cf5cefebfccf8d556432918622487f25
- SHA512
  
  f3baddcc36936c75ae6efc335db1bc53d6c9827c840dc34e1a9afe58a2dc9c1c285089986f165a2b0451eb1fb9a18d18143ef3f2c29b04aaccfb297f04c173ad
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy