lokibot | 0f77e014b10cc25d53aeb14e1eff9271f9b7f16aca4c196fc082dd3207191b28 | Triage

Submit
Reports

Overview

overview

Static

static

MT103 101T...8.xlsx

windows7_x64

MT103 101T...8.xlsx

windows10_x64

1

Sharing

General

Target

MT103 101T000000018.xlsx
Size

1.2MB
Sample

210727-s9vqd11ra2
MD5

7c13958c9636c3b2542a71d3eacf93b9
SHA1

61bab72e6b532ef51cfd36e7836c97b992e62fce
SHA256

0f77e014b10cc25d53aeb14e1eff9271f9b7f16aca4c196fc082dd3207191b28
SHA512

18f7820c0bde66589a0982ca3f570e6d56666215d32053a61cd8f42d2d13c145ac12b875937d4d2cbd07abe2a1d9514c9064a60c5d52d533b0ea461c25168ea8

Score

10^/10

lokibot spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

MT103 101T000000018.xlsx

Resource

win7v20210410

lokibot spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MT103 101T000000018.xlsx

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://asiatrans.cf/BN1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  MT103 101T000000018.xlsx
- Size
  
  1.2MB
- MD5
  
  7c13958c9636c3b2542a71d3eacf93b9
- SHA1
  
  61bab72e6b532ef51cfd36e7836c97b992e62fce
- SHA256
  
  0f77e014b10cc25d53aeb14e1eff9271f9b7f16aca4c196fc082dd3207191b28
- SHA512
  
  18f7820c0bde66589a0982ca3f570e6d56666215d32053a61cd8f42d2d13c145ac12b875937d4d2cbd07abe2a1d9514c9064a60c5d52d533b0ea461c25168ea8
Score

10^/10

lokibot spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy