lokibot | ecfd4ec8f98c8c1cb5e702151fd30df0036839a465ae692ef8bdf9adcec25123 | Triage

Submit
Reports

Overview

overview

Static

static

comelit-11...1.docx

windows7_x64

comelit-11...1.docx

windows10_x64

1

Sharing

General

Target

comelit-11-6-2021.docx
Size

10KB
Sample

210611-cn4gh59kge
MD5

7ec618424dde9f0e1231926610de9da5
SHA1

9470e089a9522160dd4d7d7bedb10815d1d4fd7e
SHA256

ecfd4ec8f98c8c1cb5e702151fd30df0036839a465ae692ef8bdf9adcec25123
SHA512

c206b9e2b991f960e005305850711f4c0c15788e808e61de16fe6b67beadb9880a3b026192da4cfd49c6fd0a8d54c0c00b23824b93e252a7b52777df8819d655

Score

10^/10

lokibot spyware stealer trojan websettings

Static task

static1

Behavioral task

behavioral1

Sample

comelit-11-6-2021.docx

Resource

win7v20210410

lokibot spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

comelit-11-6-2021.docx

Resource

win10v20210408

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

http://xy2.eu/e8hE

Extracted

Family

lokibot

C2

http://manvim.co/bo/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  comelit-11-6-2021.docx
- Size
  
  10KB
- MD5
  
  7ec618424dde9f0e1231926610de9da5
- SHA1
  
  9470e089a9522160dd4d7d7bedb10815d1d4fd7e
- SHA256
  
  ecfd4ec8f98c8c1cb5e702151fd30df0036839a465ae692ef8bdf9adcec25123
- SHA512
  
  c206b9e2b991f960e005305850711f4c0c15788e808e61de16fe6b67beadb9880a3b026192da4cfd49c6fd0a8d54c0c00b23824b93e252a7b52777df8819d655
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy