lokibot | c9699446a6c1d02ed56cb9778e696854815659242bd3a55010736b23b04ab138 | Triage

Submit
Reports

Overview

overview

Static

static

5

S8872_PDF.exe

windows7_x64

S8872_PDF.exe

windows10-2004_x64

Sharing

General

Target

c9699446a6c1d02ed56cb9778e696854815659242bd3a55010736b23b04ab138
Size

813KB
Sample

220521-w8ylesbbg8
MD5

c1332c2ff2f9eb871570f5c031d8d217
SHA1

9e868ba85e3d0adf1a50f05955c16fed24834ca9
SHA256

c9699446a6c1d02ed56cb9778e696854815659242bd3a55010736b23b04ab138
SHA512

81c53bc151baa8bcff803e458d7374afcad2c0c807c906a7e909c17aa27f9fee834d9964c64c4750aa81c04c3d8c3947d8b6887f409eb0b833124fd13f91d0e4

Score

10^/10

lokibot collection spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

S8872_PDF.exe

Resource

win7-20220414-en

lokibot collection spyware stealer suricata trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

S8872_PDF.exe

Resource

win10v2004-20220414-en

lokibot collection spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://oneflextiank.com/cream/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  S8872_PDF.exe
- Size
  
  1.2MB
- MD5
  
  d76cb6054119c4a62dd9edd2239645d2
- SHA1
  
  90fc7d4e5e82f7fefe505ca0c037c59ac73d8ded
- SHA256
  
  27534ee3bfdbfc3b5bfb4b61237354d3d529822b0b64789528c1a8c2ae455318
- SHA512
  
  db0fede878be7a6d0e2a739fd60957f0ca514ed400835c06e39622c13cfd4c62b7cbc25f7c31bca339adf32eb88d515af55db3bc23d2cadc1b0003db8dfdb211
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealersuricatatrojan

behavioral2

lokibotcollectionspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy