lokibot | 4a8ed695823b0c7c473df40cb7e899932adb87083cab679c1f5e488fa62a7ab1 | Triage

Submit
Reports

Overview

overview

Static

static

Narudžben...nc.exe

windows7-x64

Narudžben...nc.exe

windows10-2004-x64

Sharing

General

Target

Narudžbenica(PO22738158)Kon?ar-MES Inc.exe
Size

1.3MB
Sample

230202-k2sk2she81
MD5

9603950997f0588a7304a6e56513d59e
SHA1

15560d218014c9f3514e009a79c0c53c023096d3
SHA256

4a8ed695823b0c7c473df40cb7e899932adb87083cab679c1f5e488fa62a7ab1
SHA512

86ea87d83087c6008a8fef46acf603c9de0ae59b24c687e093366a38297e9c92cbdaa25e74becaa6dbc11ffd6f3321d243a7cefdb7f2e123b4233a202a98df64
SSDEEP

24576:4M3F1ahfLZY71479ug+VgDOqSjawQWin2e8h5:oLZgqGhqSjh+n2eU

Score

10^/10

lokibot purecrypter collection downloader loader spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Narudžbenica(PO22738158)Kon?ar-MES Inc.exe

Resource

win7-20220901-en

lokibot purecrypter collection downloader loader spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

Narudžbenica(PO22738158)Kon?ar-MES Inc.exe

Resource

win10v2004-20221111-en

lokibot collection spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://lazarovs.ga/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Narudžbenica(PO22738158)Kon?ar-MES Inc.exe
- Size
  
  1.3MB
- MD5
  
  9603950997f0588a7304a6e56513d59e
- SHA1
  
  15560d218014c9f3514e009a79c0c53c023096d3
- SHA256
  
  4a8ed695823b0c7c473df40cb7e899932adb87083cab679c1f5e488fa62a7ab1
- SHA512
  
  86ea87d83087c6008a8fef46acf603c9de0ae59b24c687e093366a38297e9c92cbdaa25e74becaa6dbc11ffd6f3321d243a7cefdb7f2e123b4233a202a98df64
- SSDEEP
  
  24576:4M3F1ahfLZY71479ug+VgDOqSjawQWin2e8h5:oLZgqGhqSjh+n2eU
Score

10^/10

lokibot purecrypter collection downloader loader spyware stealer trojan
- Detect PureCrypter injector
  loader
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- PureCrypter
  PureCrypter is a .NET malware loader first seen in early 2021.
  loader downloader purecrypter
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotpurecryptercollectiondownloaderloaderspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy