lokibot | 4339ebf2887db03e86b83f7108b649e724fd71795ab6dc47a4eb268a78d6809c | Triage

Submit
Reports

Overview

overview

Static

static

Pirkimouž...�a.exe

windows7-x64

Pirkimouž...�a.exe

windows10-2004-x64

Sharing

General

Target

Pirkimoužsakymas(P.O4024282)UAB Alauša.exe
Size

2.4MB
Sample

230126-pp2emsfa2s
MD5

7a6e0d42129b3465d6405318de62a75d
SHA1

27cdcd92398cd72c27b0e78890191a00e2d8b4a4
SHA256

4339ebf2887db03e86b83f7108b649e724fd71795ab6dc47a4eb268a78d6809c
SHA512

020c5834c52bf38d99f7fca1d911d84b4ceec164633d6c3e9fc222de075d9c621b58dd54436403127578ff464b29712b6ac97dee8c7cf9ed200080e55c6249cc
SSDEEP

49152:rcE5eDLx9XZ1fbEn18u1HCc07g+Orf2BO0YZ/dV3TgFK:4eefnvfqQgrj0YR3Tg

Score

10^/10

lokibot purecrypter collection downloader loader spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Pirkimoužsakymas(P.O4024282)UAB Alauša.exe

Resource

win7-20220812-en

lokibot purecrypter collection downloader loader spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Pirkimoužsakymas(P.O4024282)UAB Alauša.exe

Resource

win10v2004-20221111-en

lokibot collection spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

https://efvsx.ga/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Pirkimoužsakymas(P.O4024282)UAB Alauša.exe
- Size
  
  2.4MB
- MD5
  
  7a6e0d42129b3465d6405318de62a75d
- SHA1
  
  27cdcd92398cd72c27b0e78890191a00e2d8b4a4
- SHA256
  
  4339ebf2887db03e86b83f7108b649e724fd71795ab6dc47a4eb268a78d6809c
- SHA512
  
  020c5834c52bf38d99f7fca1d911d84b4ceec164633d6c3e9fc222de075d9c621b58dd54436403127578ff464b29712b6ac97dee8c7cf9ed200080e55c6249cc
- SSDEEP
  
  49152:rcE5eDLx9XZ1fbEn18u1HCc07g+Orf2BO0YZ/dV3TgFK:4eefnvfqQgrj0YR3Tg
Score

10^/10

lokibot purecrypter collection downloader loader spyware stealer trojan
- Detect PureCrypter injector
  loader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotpurecryptercollectiondownloaderloaderspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy