lokibot | 31ff99a4b97bef18dad3afc4d6c97df462228c6f1d3a6bf006b9ba75e37abf4a | Triage

Submit
Reports

Overview

overview

Static

static

INQUIRY & ...t).exe

windows7_x64

INQUIRY & ...t).exe

windows10-2004_x64

Sharing

Static task

static1

Behavioral task

behavioral1

Sample

INQUIRY & CATALOGUE (price list).exe

Resource

win7-en-20211208

lokibot neshta persistence spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INQUIRY & CATALOGUE (price list).exe

Resource

win10v2004-en-20220112

lokibot neshta persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

General

Target

31ff99a4b97bef18dad3afc4d6c97df462228c6f1d3a6bf006b9ba75e37abf4a
Size

816KB
MD5

397641a6b56196b3ae1564fc21d381e2
SHA1

57c72dca7973f7e1f7f441a5ce2bd0337a21a23b
SHA256

31ff99a4b97bef18dad3afc4d6c97df462228c6f1d3a6bf006b9ba75e37abf4a
SHA512

83b829ea847d1e788383c206c105d5fd00b1b8761eee8b13fbc840bc4edeab1b83af3bc65556355af567486d04594d98a55e93fbc9ddb6164ff40e04bd961a48
SSDEEP

12288:Dl74EufJUiNnZ6sLpULBcIuiGy+CAC0xOk5O052Vft35tKBZPXKT:p7juRbNnZ6O0mIqC0xOn0kp7cnXKT

Score

10^/10

lokibot

Malware Config

Extracted

Family

lokibot

C2

http://citiline.org.ng/XXD123-TY/TULIP8890890-56788/Panel/five/fre,php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Signatures

Lokibot family
lokibot

Files

31ff99a4b97bef18dad3afc4d6c97df462228c6f1d3a6bf006b9ba75e37abf4a
.iso
INQUIRY & CATALOGUE (price list).exe
.exe windows x86

2977270fae1bfe1cc3a3258b5bc0e2ed

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

MethCallEngine
ord513
ord554
ord664
ord591
ord592
ord594
ord595
ord520
ord521
ord709
ord633
EVENT_SINK_AddRef
ord671
ord568
EVENT_SINK_Release
ord600
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord710
ord530
ord531
ord570
ord680
ord100
ord616
ord543
ord544
ord581

Sections

.text
Size: 720KB - Virtual size: 719KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

© 2018-2024

Terms | Privacy