General

  • Target

    2d8e02c09058e57b9d67500b75693757

  • Size

    141KB

  • Sample

    220908-x3a4lscefk

  • MD5

    2d8e02c09058e57b9d67500b75693757

  • SHA1

    d7542e513a07e24ca5cec4ed8abf28a6d52732fa

  • SHA256

    e9113ddb1776ad3c8b81c3259c48eb632bd332574deeadf556cb80b20ae11604

  • SHA512

    07381c1876d713eb417e2545b4783f926283b1d9d0c006b89857fd9a8d730e64d59e51141fd2721a5b3cc74f22a435ddb5d786b56ecf3231c5246f7fe4f740f9

  • SSDEEP

    3072:yirhL6jrSuNvkzavPdJsV7wYO/m96keSLO36OzDMlno6K1ZaN:yirhL6XJmz8sVwYO/mUSLwzwlAO

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.162/cloud2/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      Container Movement & Stock Report Of BLPL.xlsx

    • Size

      100KB

    • MD5

      1518a4953823ca1c3f949fd21ee15bd7

    • SHA1

      a08675f87dc2889530a871a5bafa63a2ec845375

    • SHA256

      222c19365bc07695da75f2f39b8f5db94676860a8d12a8544ceb5ab6fad81ca2

    • SHA512

      d4e3dc8df1e6f656d303ad2cd580ee83e1cea384774825d0a57d85f38a4dfe8de2ea600c172551b67f93b9ae1b549ab09f748d2f61ab05c8c41e688f492ee5f1

    • SSDEEP

      3072:N/8mTjpX0a9fH2B1LP3roq9YKdgaGfUYdmCb:lN/YProq9YKdgnfREc

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Blocklisted process makes network request

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks