lokibot | 07ffbabb575117c731872d2d6cda388f2343fdee55d700f8357263a48c0edabc | Triage

Submit
Reports

Overview

overview

Static

static

print PO#6321023.docx

windows7_x64

print PO#6321023.docx

windows10_x64

1

Sharing

General

Target

print PO#6321023.docx
Size

10KB
Sample

210604-zwa9qy7lbn
MD5

3eb620f82132d7715cde30887fa24ed5
SHA1

cf9fe04fa0e778e800e2e9bd681e831a95af1e09
SHA256

07ffbabb575117c731872d2d6cda388f2343fdee55d700f8357263a48c0edabc
SHA512

32d48ec3545c0384e35fcf168342e15ace224c45032548ae3375a379baa18a2b090380f17ca2a5326b62f592c3de3dc6d6f48cd3c70ca1293dd72f80a7d522c6

Score

10^/10

lokibot spyware stealer trojan websettings

Static task

static1

Behavioral task

behavioral1

Sample

print PO#6321023.docx

Resource

win7v20210410

lokibot spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

print PO#6321023.docx

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://bit.do/fQXx8

Extracted

Family

lokibot

C2

http://173.208.204.37/k.php/mvM4bZPtu0I2s

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  print PO#6321023.docx
- Size
  
  10KB
- MD5
  
  3eb620f82132d7715cde30887fa24ed5
- SHA1
  
  cf9fe04fa0e778e800e2e9bd681e831a95af1e09
- SHA256
  
  07ffbabb575117c731872d2d6cda388f2343fdee55d700f8357263a48c0edabc
- SHA512
  
  32d48ec3545c0384e35fcf168342e15ace224c45032548ae3375a379baa18a2b090380f17ca2a5326b62f592c3de3dc6d6f48cd3c70ca1293dd72f80a7d522c6
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy