lokibot | 495e88db7f79e4930611aa0647ee42b806a7112b211546639e16dec2ebbac21b | Triage

Submit
Reports

Overview

overview

Static

static

5

COVID-19 T...df.exe

windows7_x64

COVID-19 T...df.exe

windows10-2004_x64

Sharing

General

Target

495e88db7f79e4930611aa0647ee42b806a7112b211546639e16dec2ebbac21b
Size

616KB
Sample

220521-w8k1bsedgk
MD5

07578f047c179095dd7c564c3872cdd6
SHA1

b75e2e2c818eb82ae643296287442ebb2c6e4298
SHA256

495e88db7f79e4930611aa0647ee42b806a7112b211546639e16dec2ebbac21b
SHA512

df74b67bcef2df4c53ceba59186bdcb3a2d7f1d420c4c643fb723716de5b82b22b28a0e2d6a2380f679f197f0d9beefe54deae4bd1ab795c2329874999daf4b3

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

COVID-19 TRANSFER RECEIPT FORM_pdf.exe

Resource

win7-20220414-en

lokibot collection spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

COVID-19 TRANSFER RECEIPT FORM_pdf.exe

Resource

win10v2004-20220414-en

lokibot collection spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://attlogistics-vn.com/first/chief2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  COVID-19 TRANSFER RECEIPT FORM_pdf.exe
- Size
  
  1.0MB
- MD5
  
  1678a6372c11592d92876749482fd18e
- SHA1
  
  e7001067022152bc76445369c9c14f59e0097fdc
- SHA256
  
  2a3c60d816836bf1cecb31f34d4eaf5b93976c123364538d5b8e22e9272e1269
- SHA512
  
  fa2bc8977f0c929fd6baafaf863b809a38eb6704f05199ec6073cda40116ffc169c6ea33079cbd367f21084ad6a581dabd989e5f4163fa2f4648406c35fc778b
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy