lokibot | 9fc307afd60cf86fcd93464e2b89a3de2016230e5c6c43ce1b58ce1ae605dae7 | Triage

Submit
Reports

Overview

overview

Static

static

DHL_Mexico...60.exe

windows7_x64

3

DHL_Mexico...60.exe

windows10-2004_x64

Sharing

General

Target

DHL_Mexico invoice101060.exe
Size

653KB
Sample

220701-w665saaecj
MD5

559d1039dbea67d63b86fe138a4714ee
SHA1

cc80047c060d58c384e5060104b9e408651e32a5
SHA256

9fc307afd60cf86fcd93464e2b89a3de2016230e5c6c43ce1b58ce1ae605dae7
SHA512

4e00f0882d186093b85715ce4d1735d849148baa8c142537d1efa3d6226e43233236aa1ddabcc921e82d39ffa01087d5ea292751140fc4326464de43293c57bc

Score

10^/10

lokibot collection spyware stealer suricata trojan

Static task

static1

Behavioral task

behavioral1

Sample

DHL_Mexico invoice101060.exe

Resource

win7-20220414-en

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

DHL_Mexico invoice101060.exe

Resource

win10v2004-20220414-en

lokibot collection spyware stealer suricata trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gi6/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  DHL_Mexico invoice101060.exe
- Size
  
  653KB
- MD5
  
  559d1039dbea67d63b86fe138a4714ee
- SHA1
  
  cc80047c060d58c384e5060104b9e408651e32a5
- SHA256
  
  9fc307afd60cf86fcd93464e2b89a3de2016230e5c6c43ce1b58ce1ae605dae7
- SHA512
  
  4e00f0882d186093b85715ce4d1735d849148baa8c142537d1efa3d6226e43233236aa1ddabcc921e82d39ffa01087d5ea292751140fc4326464de43293c57bc
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot Fake 404 Response
  suricata: ET MALWARE LokiBot Fake 404 Response
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

lokibotcollectionspywarestealersuricatatrojan

© 2018-2024

Terms | Privacy