lokibot | 38d6f393522f368761c577539c96abc6e14b04d76ea379f2a8eeddb542f0f997 | Triage

Submit
Reports

Overview

overview

Static

static

Offer from China.xlsx

windows7_x64

Offer from China.xlsx

windows10_x64

1

Sharing

General

Target

Offer from China.xlsx
Size

2.4MB
Sample

210422-j21y5q9vjx
MD5

ba4b37bd3627ee1f788e366d91c205e4
SHA1

73251986297cf7fc6947d8e10a54bd67790c3ee7
SHA256

38d6f393522f368761c577539c96abc6e14b04d76ea379f2a8eeddb542f0f997
SHA512

6415a52d63546d954855a33da5c918bad2bf190aa2b85d4c440590ade2f66d96aa6be91c3a9a1a9e889d811a5b29db23eba85f4a98036adc09bfaabc4b309e7d

Score

10^/10

lokibot spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Offer from China.xlsx

Resource

win7v20210408

lokibot spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Offer from China.xlsx

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://qrnigroup.xyz/chief/dv2/mcee/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Offer from China.xlsx
- Size
  
  2.4MB
- MD5
  
  ba4b37bd3627ee1f788e366d91c205e4
- SHA1
  
  73251986297cf7fc6947d8e10a54bd67790c3ee7
- SHA256
  
  38d6f393522f368761c577539c96abc6e14b04d76ea379f2a8eeddb542f0f997
- SHA512
  
  6415a52d63546d954855a33da5c918bad2bf190aa2b85d4c440590ade2f66d96aa6be91c3a9a1a9e889d811a5b29db23eba85f4a98036adc09bfaabc4b309e7d
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

System Information Discovery

Query Registry

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy