lokibot | 80c28ca3134acd26d2f0181fe9866129103a3ea94e49929442506d404aced261 | Triage

Submit
Reports

Overview

overview

Static

static

attachment.rtf

windows7-x64

attachment.rtf

windows10-2004-x64

1

Sharing

General

Target

attachment.action
Size

29KB
Sample

230124-23qlhsfg4z
MD5

1197511565a3205683e8b670e09c5522
SHA1

6755a21726763347299f6ec0d545460b71c779c9
SHA256

80c28ca3134acd26d2f0181fe9866129103a3ea94e49929442506d404aced261
SHA512

77e9c616b4a6abbfecafb60b591f0f18b82a7dc738bdb7dce050df1ddf643e1aad7c6af3981996eedbbdec1d1ba6ffe2a5ae5a50947bd30885c15d5efb4db5fd
SSDEEP

768:IFx0XaIsnPRIa4fwJMKeP5chQrEieJB6i1yzLOeiSgapgH:If0Xvx3EMK/0feJBQzaePgOgH

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

attachment.rtf

Resource

win7-20220901-en

lokibot collection spyware stealer trojan

windows7-x64

17 signatures

150 seconds

Behavioral task

behavioral2

Sample

attachment.rtf

Resource

win10v2004-20220812-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/kelly/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  attachment.action
- Size
  
  29KB
- MD5
  
  1197511565a3205683e8b670e09c5522
- SHA1
  
  6755a21726763347299f6ec0d545460b71c779c9
- SHA256
  
  80c28ca3134acd26d2f0181fe9866129103a3ea94e49929442506d404aced261
- SHA512
  
  77e9c616b4a6abbfecafb60b591f0f18b82a7dc738bdb7dce050df1ddf643e1aad7c6af3981996eedbbdec1d1ba6ffe2a5ae5a50947bd30885c15d5efb4db5fd
- SSDEEP
  
  768:IFx0XaIsnPRIa4fwJMKeP5chQrEieJB6i1yzLOeiSgapgH:If0Xvx3EMK/0feJBQzaePgOgH
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy