lokibot | 44cb03a0be06167da6d70e6271f37c39e346a8ee16eecc0040c01221bc1d02a0 | Triage

Submit
Reports

Overview

overview

Static

static

44cb03a0be...a0.exe

windows7_x64

44cb03a0be...a0.exe

windows10-2004_x64

Sharing

General

Target

44cb03a0be06167da6d70e6271f37c39e346a8ee16eecc0040c01221bc1d02a0
Size

1.2MB
Sample

220707-wr9x5aecen
MD5

4fad11d68404c14f0927a0b1a3b2b4bb
SHA1

c7d7c8dea4e6b97f29789299262dcdc3ddbb311a
SHA256

44cb03a0be06167da6d70e6271f37c39e346a8ee16eecc0040c01221bc1d02a0
SHA512

6c0e1fb4e13b1bc2d917483f8e8c7e17aac3dcec2271b1ac6a0b034d00a4671ae68947a81ee65779a7457c5263b639b414d1f348ce10a11465b5aa18501aa5d8

Score

10^/10

lokibot collection persistence spyware stealer trojan upx

Static task

static1

Behavioral task

behavioral1

Sample

44cb03a0be06167da6d70e6271f37c39e346a8ee16eecc0040c01221bc1d02a0.exe

Resource

win7-20220414-en

lokibot collection persistence spyware stealer trojan upx

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

44cb03a0be06167da6d70e6271f37c39e346a8ee16eecc0040c01221bc1d02a0.exe

Resource

win10v2004-20220414-en

lokibot collection persistence spyware stealer trojan upx

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://begurtyut.info/hero/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  44cb03a0be06167da6d70e6271f37c39e346a8ee16eecc0040c01221bc1d02a0
- Size
  
  1.2MB
- MD5
  
  4fad11d68404c14f0927a0b1a3b2b4bb
- SHA1
  
  c7d7c8dea4e6b97f29789299262dcdc3ddbb311a
- SHA256
  
  44cb03a0be06167da6d70e6271f37c39e346a8ee16eecc0040c01221bc1d02a0
- SHA512
  
  6c0e1fb4e13b1bc2d917483f8e8c7e17aac3dcec2271b1ac6a0b034d00a4671ae68947a81ee65779a7457c5263b639b414d1f348ce10a11465b5aa18501aa5d8
Score

10^/10

lokibot collection persistence spyware stealer trojan upx
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionpersistencespywarestealertrojanupx

behavioral2

lokibotcollectionpersistencespywarestealertrojanupx

© 2018-2024

Terms | Privacy