lokibot | 2706cd9c8993267a695a8580ff5987c821093bfea0de05b561a98ac020b373ee | Triage

Submit
Reports

Overview

overview

Static

static

2706cd9c89...ee.exe

windows7_x64

2706cd9c89...ee.exe

windows10_x64

Sharing

General

Target

2706cd9c8993267a695a8580ff5987c821093bfea0de05b561a98ac020b373ee.exe
Size

851KB
Sample

210727-gnre9e8b8x
MD5

acef407cd9b335c0c1ca6582aef98d35
SHA1

28569bb0962cbe06d1344a61aa8c426746494632
SHA256

2706cd9c8993267a695a8580ff5987c821093bfea0de05b561a98ac020b373ee
SHA512

3a4802a7b378a8b3cfdfcc1bff108756d3cf30a4d9218fdcfcc55000093a3a2951bb0238d6ab199eade72966984446ffd4120fa6b69ba1df30f8f1900cfc856c

Score

10^/10

lokibot spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

2706cd9c8993267a695a8580ff5987c821093bfea0de05b561a98ac020b373ee.exe

Resource

win7v20210408

lokibot spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

2706cd9c8993267a695a8580ff5987c821093bfea0de05b561a98ac020b373ee.exe

Resource

win10v20210410

lokibot spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://192.236.179.121/new/zubby/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  2706cd9c8993267a695a8580ff5987c821093bfea0de05b561a98ac020b373ee.exe
- Size
  
  851KB
- MD5
  
  acef407cd9b335c0c1ca6582aef98d35
- SHA1
  
  28569bb0962cbe06d1344a61aa8c426746494632
- SHA256
  
  2706cd9c8993267a695a8580ff5987c821093bfea0de05b561a98ac020b373ee
- SHA512
  
  3a4802a7b378a8b3cfdfcc1bff108756d3cf30a4d9218fdcfcc55000093a3a2951bb0238d6ab199eade72966984446ffd4120fa6b69ba1df30f8f1900cfc856c
Score

10^/10

lokibot spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotspywarestealersuricatatrojan

behavioral2

lokibotspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy