lokibot | f6abd5c921b3194d507b71a74100ec437beda9a33627b254d0ed81e88d209bbd | Triage

Submit
Reports

Overview

overview

Static

static

f6abd5c921...bd.exe

windows7_x64

f6abd5c921...bd.exe

windows10_x64

Sharing

General

Target

f6abd5c921b3194d507b71a74100ec437beda9a33627b254d0ed81e88d209bbd.exe
Size

330KB
Sample

211119-gs7rtshcfr
MD5

0f3136e10afca292ec03a5a672724220
SHA1

43e48db1fa8182f57b240573d0c655b16c3a9d73
SHA256

f6abd5c921b3194d507b71a74100ec437beda9a33627b254d0ed81e88d209bbd
SHA512

a7220fd9278893819ab515fc9b96673f6f66cf7fa65b77d2eb85699da200546f6fcf910bd07af9f309a3483d4695d76e249456baefa731c71657814d504be0b7

Score

10^/10

lokibot neshta collection persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

f6abd5c921b3194d507b71a74100ec437beda9a33627b254d0ed81e88d209bbd.exe

Resource

win7-en-20211104

lokibot neshta collection persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

f6abd5c921b3194d507b71a74100ec437beda9a33627b254d0ed81e88d209bbd.exe

Resource

win10-en-20211014

lokibot neshta collection persistence spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://63.250.40.204/~wpdemo/file.php?search=3184076

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  f6abd5c921b3194d507b71a74100ec437beda9a33627b254d0ed81e88d209bbd.exe
- Size
  
  330KB
- MD5
  
  0f3136e10afca292ec03a5a672724220
- SHA1
  
  43e48db1fa8182f57b240573d0c655b16c3a9d73
- SHA256
  
  f6abd5c921b3194d507b71a74100ec437beda9a33627b254d0ed81e88d209bbd
- SHA512
  
  a7220fd9278893819ab515fc9b96673f6f66cf7fa65b77d2eb85699da200546f6fcf910bd07af9f309a3483d4695d76e249456baefa731c71657814d504be0b7
Score

10^/10

lokibot neshta collection persistence spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotneshtacollectionpersistencespywarestealertrojan

behavioral2

lokibotneshtacollectionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy