lokibot | 16bafc095597c2a0de4683bf79e757cf460a6a783acab20c97efa71b323c0100 | Triage

Submit
Reports

Overview

overview

Static

static

RLOI JS01-2pdf.exe

windows7-x64

RLOI JS01-2pdf.exe

windows10-2004-x64

Sharing

General

Target

RLOI JS01-2pdf.exe
Size

371KB
Sample

221003-lg2hwshdbm
MD5

f01b2bb2e92cd7e511d5b30bd09decac
SHA1

bd15c817b686c0296b38422551759e9bb4a0f6fc
SHA256

16bafc095597c2a0de4683bf79e757cf460a6a783acab20c97efa71b323c0100
SHA512

68fbaec7ad4abe2b8e3cd11f41fa1ecc004eadb1106f26ed75cc73a2b1ee20e5f7c8057a859915d0a71b84c32715507f69045fc8dc23673fe0401a25068eb446
SSDEEP

6144:lTouKrWBEu3/Z2lpGDHU3ykJ1tC/H3f1NsjEXL2eDAFoH:lToPWBv/cpGrU3y8tG4jEXLHDAFy

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RLOI JS01-2pdf.exe

Resource

win7-20220812-en

lokibot collection spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

RLOI JS01-2pdf.exe

Resource

win10v2004-20220901-en

lokibot collection spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  RLOI JS01-2pdf.exe
- Size
  
  371KB
- MD5
  
  f01b2bb2e92cd7e511d5b30bd09decac
- SHA1
  
  bd15c817b686c0296b38422551759e9bb4a0f6fc
- SHA256
  
  16bafc095597c2a0de4683bf79e757cf460a6a783acab20c97efa71b323c0100
- SHA512
  
  68fbaec7ad4abe2b8e3cd11f41fa1ecc004eadb1106f26ed75cc73a2b1ee20e5f7c8057a859915d0a71b84c32715507f69045fc8dc23673fe0401a25068eb446
- SSDEEP
  
  6144:lTouKrWBEu3/Z2lpGDHU3ykJ1tC/H3f1NsjEXL2eDAFoH:lToPWBv/cpGrU3y8tG4jEXLHDAFy
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy