lokibot | 56c19e2e628b52c856c87a84e8bd57ddda5f5003c0632382f1d313be307b4cde | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

56c19e2e628b52c856c87a84e8bd57ddda5f5003c0632382f1d313be307b4cde
Size

336KB
Sample

211025-jbtvragfhj
MD5

ec0897cc11ca44b815afbbee38c01316
SHA1

6b1bbb99701479c94dc1ec550ca15c766fa3a6f0
SHA256

56c19e2e628b52c856c87a84e8bd57ddda5f5003c0632382f1d313be307b4cde
SHA512

c85291bf53f244a403aaf412ae829c7b4aaa441e68151f449ffa1ad2f2fb539495538cbdaedfeee143dd7191f850630dd6801c3787d79c6c7ac8e5b24f4b190a

Score

10^/10

lokibot collection spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

56c19e2e628b52c856c87a84e8bd57ddda5f5003c0632382f1d313be307b4cde.exe

Resource

win10-en-20210920

lokibot collection spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://63.250.40.204/~wpdemo/file.php?search=386869

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  56c19e2e628b52c856c87a84e8bd57ddda5f5003c0632382f1d313be307b4cde
- Size
  
  336KB
- MD5
  
  ec0897cc11ca44b815afbbee38c01316
- SHA1
  
  6b1bbb99701479c94dc1ec550ca15c766fa3a6f0
- SHA256
  
  56c19e2e628b52c856c87a84e8bd57ddda5f5003c0632382f1d313be307b4cde
- SHA512
  
  c85291bf53f244a403aaf412ae829c7b4aaa441e68151f449ffa1ad2f2fb539495538cbdaedfeee143dd7191f850630dd6801c3787d79c6c7ac8e5b24f4b190a
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy