lokibot | a32c6199248e24889f6e4a50c1eb512401090850d491726af56dee3218520a88 | Triage

Submit
Reports

Overview

overview

Static

static

1

Xerox_07122021001.exe

windows7_x64

Xerox_07122021001.exe

windows10_x64

Sharing

General

Target

Xerox_07122021001.cab
Size

338KB
Sample

211207-n869kahagj
MD5

de1ce0d31e5c0f703ba21b9f32ae8b34
SHA1

366a70f8c32893ed06b93afd1f226ee3cac1d343
SHA256

a32c6199248e24889f6e4a50c1eb512401090850d491726af56dee3218520a88
SHA512

9932baf347533e09114891050d084757ce1249238b9d62a24c455d7bdc401e96147c43f1a0f86b4be9711f534c10dfd8b589ffbd53469f59df2f8153ac1ad356

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Xerox_07122021001.exe

Resource

win7-en-20211014

lokibot collection spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Xerox_07122021001.exe

Resource

win10-en-20211104

lokibot collection spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://63.250.34.171/tickets.php?id=538

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Xerox_07122021001.exe
- Size
  
  350KB
- MD5
  
  10425bc4b5cdcb5ab21971fefce600fd
- SHA1
  
  d0c3ac2af5888101f3eaca2a77b461c98d02033f
- SHA256
  
  b8cd18156e15e6dd1eae62d6472152d015309799c98a8ac1fa4a2e7ab81eb49e
- SHA512
  
  45b0ee53f74449a274b964927152e06d1e58eb1cbd1fad82fec72da605e9ed5d9f310af611cafc4dafc30d1125453949caab4de9fa0912be597f9f74175f5574
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy