lokibot | eb475d7b3d1ce22942991161c3b8d10343b7824f7db9642c2fdbd1c7f388915c | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10_x64

Sharing

General

Target

eb475d7b3d1ce22942991161c3b8d10343b7824f7db9642c2fdbd1c7f388915c
Size

310KB
Sample

211103-ysdmesbghq
MD5

3b857895cd4f4c6f4122f3d6753648c8
SHA1

581ee90858f1bb8e8d8ad23ede725288d76bc1ee
SHA256

eb475d7b3d1ce22942991161c3b8d10343b7824f7db9642c2fdbd1c7f388915c
SHA512

eebe2b2b667f9b793d17047ddebd3904ec9dd4d49ad3f184cc3671c9e17fd5d65982f35a6026b3d818435d68991c3b27d9cdf68cc84acb881e790c8082f86ab2

Score

10^/10

lokibot neshta collection persistence spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

eb475d7b3d1ce22942991161c3b8d10343b7824f7db9642c2fdbd1c7f388915c.exe

Resource

win10-en-20211014

lokibot neshta collection persistence spyware stealer suricata trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://74f26d34ffff049368a6cff8812f86ee.ml/BN22/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  eb475d7b3d1ce22942991161c3b8d10343b7824f7db9642c2fdbd1c7f388915c
- Size
  
  310KB
- MD5
  
  3b857895cd4f4c6f4122f3d6753648c8
- SHA1
  
  581ee90858f1bb8e8d8ad23ede725288d76bc1ee
- SHA256
  
  eb475d7b3d1ce22942991161c3b8d10343b7824f7db9642c2fdbd1c7f388915c
- SHA512
  
  eebe2b2b667f9b793d17047ddebd3904ec9dd4d49ad3f184cc3671c9e17fd5d65982f35a6026b3d818435d68991c3b27d9cdf68cc84acb881e790c8082f86ab2
Score

10^/10

lokibot neshta collection persistence spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotneshtacollectionpersistencespywarestealersuricatatrojan

© 2018-2024

Terms | Privacy