lokibot | 7ec8d23c5167687f3e60e57527cedf105a3de3b1d88e47924d96bad31bfe5385 | Triage

Submit
Reports

Overview

overview

Static

static

dridex

windows10-2004_x64

Sharing

General

Target

7ec8d23c5167687f3e60e57527cedf105a3de3b1d88e47924d96bad31bfe5385
Size

253KB
Sample

220304-cx6ccaddb8
MD5

2f08b467db5be4f98d7b26aabfb60a27
SHA1

d4c1ecbfddeb313a7defef708e4b759c830cc452
SHA256

7ec8d23c5167687f3e60e57527cedf105a3de3b1d88e47924d96bad31bfe5385
SHA512

8be430ce98ee067a8c7c8a8cd831973452ad829c9d25104d1f9905779d9de7f80f917a7eebee5ba70e560f989314742ad879c3e029231c5e0567d0a73739bfd6

Score

10^/10

lokibot neshta collection persistence spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

7ec8d23c5167687f3e60e57527cedf105a3de3b1d88e47924d96bad31bfe5385.exe

Resource

win10v2004-en-20220112

lokibot neshta collection persistence spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://164.90.194.235/?id=22044231991792986

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  7ec8d23c5167687f3e60e57527cedf105a3de3b1d88e47924d96bad31bfe5385
- Size
  
  253KB
- MD5
  
  2f08b467db5be4f98d7b26aabfb60a27
- SHA1
  
  d4c1ecbfddeb313a7defef708e4b759c830cc452
- SHA256
  
  7ec8d23c5167687f3e60e57527cedf105a3de3b1d88e47924d96bad31bfe5385
- SHA512
  
  8be430ce98ee067a8c7c8a8cd831973452ad829c9d25104d1f9905779d9de7f80f917a7eebee5ba70e560f989314742ad879c3e029231c5e0567d0a73739bfd6
Score

10^/10

lokibot neshta collection persistence spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Modifies system executable filetype association
  persistence
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Change Default File Association

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotneshtacollectionpersistencespywarestealertrojan

© 2018-2024

Terms | Privacy