lokibot | c6354273980658e3a9973b5458893e925f8762b5b3b19a2b520d6ce005953d0b | Triage

Submit
Reports

Overview

overview

Static

static

loki.docx

windows7_x64

loki.docx

windows10_x64

1

Sharing

General

Target

loki.docx
Size

10KB
Sample

210604-m7mwrt1x3s
MD5

b611e891cb9f097c7c357bb2c0e4ead3
SHA1

61e6a3ce6886ef59ca7cf23b71a422513cfd0524
SHA256

c6354273980658e3a9973b5458893e925f8762b5b3b19a2b520d6ce005953d0b
SHA512

2ddb5a6adb03905c2718da662debff309def8a064f2bdb020ec2e05f817d5d793c2c0cbefdfc3fb7fafd40caf6b28709bc116fd387caadce29445e22b39b14e4

Score

10^/10

lokibot spyware stealer trojan websettings

Static task

static1

Behavioral task

behavioral1

Sample

loki.docx

Resource

win7v20210410

lokibot spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

loki.docx

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://bit.do/fQWAj

Extracted

Family

lokibot

C2

http://173.208.204.37/k.php/mvM4bZPtu0I2s

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  loki.docx
- Size
  
  10KB
- MD5
  
  b611e891cb9f097c7c357bb2c0e4ead3
- SHA1
  
  61e6a3ce6886ef59ca7cf23b71a422513cfd0524
- SHA256
  
  c6354273980658e3a9973b5458893e925f8762b5b3b19a2b520d6ce005953d0b
- SHA512
  
  2ddb5a6adb03905c2718da662debff309def8a064f2bdb020ec2e05f817d5d793c2c0cbefdfc3fb7fafd40caf6b28709bc116fd387caadce29445e22b39b14e4
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy