lokibot | 0fe98916b3de0018f9e9795b4a82d01a8c8fc27df270db1e2822b2165d93ea53 | Triage

Sharing

General

Target

TOTAL MARINE Spare Part List.xlsx
Size

1.1MB
Sample

210624-ncejyxb35x
MD5

05fd9702017aef927f99ee22a1f2997e
SHA1

81aaa861442b1abebae340714967afd72568f1cb
SHA256

0fe98916b3de0018f9e9795b4a82d01a8c8fc27df270db1e2822b2165d93ea53
SHA512

c2da36c9e21bd20ca9947368022da3d8aa587691fc136311fa7e91c76ab8f30b2cf0d057fabd54dc63b40076750a7150ec981a9ea8b89426e6af779d451bb722

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd3/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  TOTAL MARINE Spare Part List.xlsx
- Size
  
  1.1MB
- MD5
  
  05fd9702017aef927f99ee22a1f2997e
- SHA1
  
  81aaa861442b1abebae340714967afd72568f1cb
- SHA256
  
  0fe98916b3de0018f9e9795b4a82d01a8c8fc27df270db1e2822b2165d93ea53
- SHA512
  
  c2da36c9e21bd20ca9947368022da3d8aa587691fc136311fa7e91c76ab8f30b2cf0d057fabd54dc63b40076750a7150ec981a9ea8b89426e6af779d451bb722
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2