lokibot | 5218080ebe69d63196e24cb2d9a08008e5cac324073b13a29f2b660be7398cc1 | Triage

Submit
Reports

Overview

overview

Static

static

1

dridex

windows10_x64

Sharing

General

Target

5218080ebe69d63196e24cb2d9a08008e5cac324073b13a29f2b660be7398cc1
Size

270KB
Sample

211029-gphzasheal
MD5

d031d354378993ddf3aca597f723b301
SHA1

b6a6ed3df049e756d57d8d19a22e124b2672ee1c
SHA256

5218080ebe69d63196e24cb2d9a08008e5cac324073b13a29f2b660be7398cc1
SHA512

c345a0d66fc8ba3a434e3678f183575cc7de1bebdea2f3474090d28deacb82ce7ecb3f14ee66bfa1df453eee90de9c2a79270aa5e538d1996050f786c3ed51ee

Score

10^/10

lokibot collection spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

5218080ebe69d63196e24cb2d9a08008e5cac324073b13a29f2b660be7398cc1.exe

Resource

win10-en-20211014

lokibot collection spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  5218080ebe69d63196e24cb2d9a08008e5cac324073b13a29f2b660be7398cc1
- Size
  
  270KB
- MD5
  
  d031d354378993ddf3aca597f723b301
- SHA1
  
  b6a6ed3df049e756d57d8d19a22e124b2672ee1c
- SHA256
  
  5218080ebe69d63196e24cb2d9a08008e5cac324073b13a29f2b660be7398cc1
- SHA512
  
  c345a0d66fc8ba3a434e3678f183575cc7de1bebdea2f3474090d28deacb82ce7ecb3f14ee66bfa1df453eee90de9c2a79270aa5e538d1996050f786c3ed51ee
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy