lokibot | 84378912213bcf0d13d8a60344b1c0452b0f25be6a267bf594f620760c6c0915 | Triage

Submit
Reports

Overview

overview

Static

static

8437891221...15.exe

windows7-x64

8437891221...15.exe

windows10-2004-x64

Sharing

General

Target

84378912213bcf0d13d8a60344b1c0452b0f25be6a267bf594f620760c6c0915
Size

1.4MB
Sample

221125-k2nl4afb77
MD5

11581e56cfd606532847fea32f75b1cc
SHA1

ec4ea02f0919431a1917f752b6c189731eabcbb7
SHA256

84378912213bcf0d13d8a60344b1c0452b0f25be6a267bf594f620760c6c0915
SHA512

23f2b550697c31575aa43dd88ea4533f7daccf06daba33d12ecb04c3b588a6ebaba61fbe564906b98daf5a2c9d60c77e8d321d6470c53867a0d44e2dd69d4e4d
SSDEEP

12288:iYY9egseAKtheRIY5Set8P6Bdv+DV0kEZMnGEg1QIesyd5+Q2Q1dx9IeLDrfRAaQ:FeL/r26mcuy

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

84378912213bcf0d13d8a60344b1c0452b0f25be6a267bf594f620760c6c0915.exe

Resource

win7-20220812-en

lokibot collection spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

84378912213bcf0d13d8a60344b1c0452b0f25be6a267bf594f620760c6c0915.exe

Resource

win10v2004-20221111-en

lokibot collection spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://becharnise.ir/fa5/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  84378912213bcf0d13d8a60344b1c0452b0f25be6a267bf594f620760c6c0915
- Size
  
  1.4MB
- MD5
  
  11581e56cfd606532847fea32f75b1cc
- SHA1
  
  ec4ea02f0919431a1917f752b6c189731eabcbb7
- SHA256
  
  84378912213bcf0d13d8a60344b1c0452b0f25be6a267bf594f620760c6c0915
- SHA512
  
  23f2b550697c31575aa43dd88ea4533f7daccf06daba33d12ecb04c3b588a6ebaba61fbe564906b98daf5a2c9d60c77e8d321d6470c53867a0d44e2dd69d4e4d
- SSDEEP
  
  12288:iYY9egseAKtheRIY5Set8P6Bdv+DV0kEZMnGEg1QIesyd5+Q2Q1dx9IeLDrfRAaQ:FeL/r26mcuy
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy