lokibot | 466b5cd9ce2e165638a03bb231b988e867862ba7e52725c8c021a4d7ec4f2060 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10_x64

Sharing

General

Target

466b5cd9ce2e165638a03bb231b988e867862ba7e52725c8c021a4d7ec4f2060
Size

251KB
Sample

211025-lwj76aghbr
MD5

314bc45f24a07472a46201320e5a3603
SHA1

d07d2c94e0a29fa15c1ec42ac9cecf08b6bea6d0
SHA256

466b5cd9ce2e165638a03bb231b988e867862ba7e52725c8c021a4d7ec4f2060
SHA512

25d3c626b0e300360e7ca762624019c7a3c75de1a4dd6badf53d13713eb4a18b4693c20dd669f7b7518e696c6589863099ff765f44929876da92a16caa321d19

Score

10^/10

lokibot collection spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

466b5cd9ce2e165638a03bb231b988e867862ba7e52725c8c021a4d7ec4f2060.exe

Resource

win10-en-20211014

lokibot collection spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://63.250.40.204/~wpdemo/file.php?search=719442

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  466b5cd9ce2e165638a03bb231b988e867862ba7e52725c8c021a4d7ec4f2060
- Size
  
  251KB
- MD5
  
  314bc45f24a07472a46201320e5a3603
- SHA1
  
  d07d2c94e0a29fa15c1ec42ac9cecf08b6bea6d0
- SHA256
  
  466b5cd9ce2e165638a03bb231b988e867862ba7e52725c8c021a4d7ec4f2060
- SHA512
  
  25d3c626b0e300360e7ca762624019c7a3c75de1a4dd6badf53d13713eb4a18b4693c20dd669f7b7518e696c6589863099ff765f44929876da92a16caa321d19
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy