lokibot | 575ffaf703b2b26ec14d612ac38d4966f428d4bcf6e4ef0e073e2a7c6bdf9e7b | Triage

Sharing

General

Target

Confirm revised invoice to proceed with payment ASAP.rar
Size

31KB
Sample

230817-qm7djsbb8x
MD5

580a0bed498f3bb66c981c69810f91e8
SHA1

e7ed1438e290ab6d96b9157c81c0f1ba5cd018c4
SHA256

575ffaf703b2b26ec14d612ac38d4966f428d4bcf6e4ef0e073e2a7c6bdf9e7b
SHA512

e34197b360a134ecfeb4e8a3a0f15bd3b861be020b9b8fda4723cee1d28d18a8179ca1be87fa8185fc6d7b6a23efc7852eb1ea74dea49afe2d580e419843a3c3
SSDEEP

768:rybLk+7gz0vhDEIadr87JwgbYfBeFY0L4MwdeRlhSIMCaUn4t1b1fy:r9+gYv9EIaJ87OqYfBmY0cMSvUn4tG

Score

10^/10

lokibot persistence spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://194.55.224.11/mathew/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Confirm revised invoice to proceed with payment ASAP.exe
- Size
  
  80KB
- MD5
  
  f815f9c40485ad6e7a6c1299487d3543
- SHA1
  
  052b2f7f5d8e99ae7369929ce1087297aff12c4d
- SHA256
  
  4f35140609179eda1d1bb7f9e931cf74c556efe32116b2804f2059dd3386b689
- SHA512
  
  aa3eb1f4c6bfa687375a229ced9699cf7e2d5e421afa20c161ab2bb71396019ac5ac0b305a462adb0e253445e5eb87316e1640063ceb44ec501b76adb318bf24
- SSDEEP
  
  1536:x5ewFcof5NMZPAKYovmu7QfWPIQ0s45DT2BQYBVrmqVo2q/E:/ewFcof58zvDIQhBvlqc
Score

10^/10

lokibot persistence spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lokibotpersistencespywarestealertrojan