lokibot | 7ab9b1c69859f602ff3b58664f229f867a14c8c18773b73835845785ba790639 | Triage

Submit
Reports

Overview

overview

Static

static

8

7ab9b1c698...39.exe

windows7-x64

7ab9b1c698...39.exe

windows10-2004-x64

Sharing

General

Target

7ab9b1c69859f602ff3b58664f229f867a14c8c18773b73835845785ba790639
Size

905KB
Sample

220725-eazbmadce4
MD5

21c48938a76f61ec177a71a7c8643e04
SHA1

924e57a542a238f4669976feee7eecc75f776cbb
SHA256

7ab9b1c69859f602ff3b58664f229f867a14c8c18773b73835845785ba790639
SHA512

f60b2a4a0615f28e75411a83964a0a630552757f543dd4f0c052759fa1c9ed54966e150184970ac352e5fd0744096e9f3ccea495d854eea5187f58b2e93d2cf8

Score

10^/10

lokibot collection spyware stealer trojan upx

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

7ab9b1c69859f602ff3b58664f229f867a14c8c18773b73835845785ba790639.exe

Resource

win7-20220715-en

lokibot collection spyware stealer trojan upx

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

7ab9b1c69859f602ff3b58664f229f867a14c8c18773b73835845785ba790639.exe

Resource

win10v2004-20220721-en

lokibot collection spyware stealer trojan upx

windows10-2004-x64

14 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://198.23.200.241/~power13/.sixnrpq/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  7ab9b1c69859f602ff3b58664f229f867a14c8c18773b73835845785ba790639
- Size
  
  905KB
- MD5
  
  21c48938a76f61ec177a71a7c8643e04
- SHA1
  
  924e57a542a238f4669976feee7eecc75f776cbb
- SHA256
  
  7ab9b1c69859f602ff3b58664f229f867a14c8c18773b73835845785ba790639
- SHA512
  
  f60b2a4a0615f28e75411a83964a0a630552757f543dd4f0c052759fa1c9ed54966e150184970ac352e5fd0744096e9f3ccea495d854eea5187f58b2e93d2cf8
Score

10^/10

lokibot collection spyware stealer trojan upx
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojanupx

behavioral2

lokibotcollectionspywarestealertrojanupx

© 2018-2024

Terms | Privacy