lokibot | 74e1f1b8d261a8b6129d4db04097d017b9fc9a55b87024e5c5b2474f6aba904b | Triage

Submit
Reports

Overview

overview

Static

static

PI_63455MV...D.xlsx

windows7_x64

PI_63455MV...D.xlsx

windows10_x64

1

Sharing

General

Target

PI_63455MV_REVISED.xlsx
Size

2.4MB
Sample

210422-aplzlqfe1j
MD5

74d534b81810367dc68209131623d4d0
SHA1

f0279dc293f7121faf24705fa486ee4673b50143
SHA256

74e1f1b8d261a8b6129d4db04097d017b9fc9a55b87024e5c5b2474f6aba904b
SHA512

97f79b3da2599169ad5e74091076d3082cb13d2d731ffa4c2f5698f980b28463f3756eaf6ddd41f30316190b3761c4197da94deebfa825a1108674a456f2f241

Score

10^/10

lokibot spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PI_63455MV_REVISED.xlsx

Resource

win7v20210408

lokibot spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

PI_63455MV_REVISED.xlsx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://issth.com/chief/dav/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  PI_63455MV_REVISED.xlsx
- Size
  
  2.4MB
- MD5
  
  74d534b81810367dc68209131623d4d0
- SHA1
  
  f0279dc293f7121faf24705fa486ee4673b50143
- SHA256
  
  74e1f1b8d261a8b6129d4db04097d017b9fc9a55b87024e5c5b2474f6aba904b
- SHA512
  
  97f79b3da2599169ad5e74091076d3082cb13d2d731ffa4c2f5698f980b28463f3756eaf6ddd41f30316190b3761c4197da94deebfa825a1108674a456f2f241
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy