lokibot | 84750ac6287c0ddb3289f197247bf4cd8e06ff9656e5b7355aa8adf37c28f7db | Triage

Submit
Reports

Overview

overview

Static

static

1

RFQ.xls

windows7-x64

RFQ.xls

windows10-2004-x64

1

Sharing

General

Target

RFQ.xls
Size

802KB
Sample

230719-g6mntagb88
MD5

01d35baefe1ce38feffe07104ddd27d0
SHA1

aa59f404015f4cb46fe2e607d2fabde040afefd7
SHA256

84750ac6287c0ddb3289f197247bf4cd8e06ff9656e5b7355aa8adf37c28f7db
SHA512

9ced1e6c21c7b58ac2ba4416b386f67bca2e163ee05a0eb10fcb6c3c5b41dbd31e39b3e2017627637b7529409d0a7333b0427220b90298897125b273956e03eb
SSDEEP

12288:0vOij8V1UXqUu9Vner8VdArmmPwUXnJiRCAbocwV1WP5K8cLnGIOsCUlwGIx:xeu9VxpHpbocwTA5K8c1FlwPx

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

RFQ.xls

Resource

win7-20230712-en

lokibot collection spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

RFQ.xls

Resource

win10v2004-20230703-en

windows10-2004-x64

8 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/mous/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  RFQ.xls
- Size
  
  802KB
- MD5
  
  01d35baefe1ce38feffe07104ddd27d0
- SHA1
  
  aa59f404015f4cb46fe2e607d2fabde040afefd7
- SHA256
  
  84750ac6287c0ddb3289f197247bf4cd8e06ff9656e5b7355aa8adf37c28f7db
- SHA512
  
  9ced1e6c21c7b58ac2ba4416b386f67bca2e163ee05a0eb10fcb6c3c5b41dbd31e39b3e2017627637b7529409d0a7333b0427220b90298897125b273956e03eb
- SSDEEP
  
  12288:0vOij8V1UXqUu9Vner8VdArmmPwUXnJiRCAbocwV1WP5K8cLnGIOsCUlwGIx:xeu9VxpHpbocwTA5K8c1FlwPx
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

© 2018-2025

Terms | Privacy