lokibot | b2eb095f777a797a631364371c0c76ea658b1a5fe10ceab8190dd8efea24bac8 | Triage

Submit
Reports

Overview

overview

Static

static

MV WORLD SPIRIT.docx

windows7_x64

MV WORLD SPIRIT.docx

windows10_x64

1

Sharing

General

Target

MV WORLD SPIRIT.docx
Size

10KB
Sample

210728-nzlx6m8nmj
MD5

283a754d78b60260fc77d34930fc760d
SHA1

fdd2639c80e8189a3ae7556237d8ef969754018c
SHA256

b2eb095f777a797a631364371c0c76ea658b1a5fe10ceab8190dd8efea24bac8
SHA512

e84b3ddbd160070959e2aa2d089d377af23242632e6422897490eaff030f8a7578468c410854989edf3b1f14527129288604d2cbcb806c7812f4d66c8f4e5e07

Score

10^/10

lokibot spyware stealer suricata trojan websettings

Static task

static1

Behavioral task

behavioral1

Sample

MV WORLD SPIRIT.docx

Resource

win7v20210410

lokibot spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

MV WORLD SPIRIT.docx

Resource

win10v20210410

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Rule

Microsoft Office WebSettings Relationship

C2

https://upurl.me/t6qc0

Extracted

Family

lokibot

C2

http://manvim.co/fd11/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  MV WORLD SPIRIT.docx
- Size
  
  10KB
- MD5
  
  283a754d78b60260fc77d34930fc760d
- SHA1
  
  fdd2639c80e8189a3ae7556237d8ef969754018c
- SHA256
  
  b2eb095f777a797a631364371c0c76ea658b1a5fe10ceab8190dd8efea24bac8
- SHA512
  
  e84b3ddbd160070959e2aa2d089d377af23242632e6422897490eaff030f8a7578468c410854989edf3b1f14527129288604d2cbcb806c7812f4d66c8f4e5e07
Score

10^/10

lokibot spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile
  suricata
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Abuses OpenXML format to download file from external location
- Loads dropped DLL
- Uses the VBS compiler for execution
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Scripting

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealersuricatatrojan

behavioral2

© 2018-2024

Terms | Privacy