lokibot | f3029b1449900977d1bb8fd5242683e8d5780549572b86cb5b843a986df4fa0f | Triage

Submit
Reports

Overview

overview

Static

static

1

90888234001.exe

windows7_x64

90888234001.exe

windows10_x64

Sharing

General

Target

90888234001.exe
Size

304KB
Sample

211201-vwfdmshdf6
MD5

c5c2e5971f4f19df20127be16eb48072
SHA1

585ffaa0d05ba2df63e2fa8da479bafc72019c04
SHA256

f3029b1449900977d1bb8fd5242683e8d5780549572b86cb5b843a986df4fa0f
SHA512

ee9ed7fc0f8341063e71dc276b1f0d72819986d949068d8663096396e85a3670e055d52945f199e1decb883652d5afb54d619c00029d343e52381d9aef71395f

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

90888234001.exe

Resource

win7-en-20211104

lokibot collection spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

90888234001.exe

Resource

win10-en-20211014

lokibot collection spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://63.250.34.171/tickets.php?id=539

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  90888234001.exe
- Size
  
  304KB
- MD5
  
  c5c2e5971f4f19df20127be16eb48072
- SHA1
  
  585ffaa0d05ba2df63e2fa8da479bafc72019c04
- SHA256
  
  f3029b1449900977d1bb8fd5242683e8d5780549572b86cb5b843a986df4fa0f
- SHA512
  
  ee9ed7fc0f8341063e71dc276b1f0d72819986d949068d8663096396e85a3670e055d52945f199e1decb883652d5afb54d619c00029d343e52381d9aef71395f
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy