lokibot | 6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1 | Triage

Submit
Reports

Overview

overview

Static

static

1

6fd2687a66...d1.exe

windows7-x64

6fd2687a66...d1.exe

windows10-2004-x64

Sharing

General

Target

6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1.exe
Size

688KB
Sample

240427-bthw7sha41
MD5

4b905e6548f4d5040fab8962cb71877e
SHA1

15c3785700d10e32ce7e17d706194dd9baa8442a
SHA256

6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1
SHA512

75beefb8e58cc71f433980ceb6ff74c022d35332037b905e9e6644e09dea33ba36b41dd4c8e1e6874f302208fccd93ad258c74d09c08828d65bf7661026a3cad
SSDEEP

12288:6jqnHvjNIrpf9rN/mc/CPV77Qykhe+AK9hCqAZHApvF1sdsgTWEmBuPg6AbTokR:6GPjKr5BNDAF7GAKeZHApvFWdsisBuoT

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1.exe

Resource

win7-20240221-en

lokibot collection spyware stealer trojan

windows7-x64

15 signatures

150 seconds

Behavioral task

behavioral2

Sample

6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1.exe

Resource

win10v2004-20240419-en

lokibot collection spyware stealer trojan

windows10-2004-x64

16 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://45.77.223.48/~blog/?ajax=a

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1.exe
- Size
  
  688KB
- MD5
  
  4b905e6548f4d5040fab8962cb71877e
- SHA1
  
  15c3785700d10e32ce7e17d706194dd9baa8442a
- SHA256
  
  6fd2687a66899aa63357f7434a418b2bd873eebda9520129b20fd3e7e889ced1
- SHA512
  
  75beefb8e58cc71f433980ceb6ff74c022d35332037b905e9e6644e09dea33ba36b41dd4c8e1e6874f302208fccd93ad258c74d09c08828d65bf7661026a3cad
- SSDEEP
  
  12288:6jqnHvjNIrpf9rN/mc/CPV77Qykhe+AK9hCqAZHApvF1sdsgTWEmBuPg6AbTokR:6GPjKr5BNDAF7GAKeZHApvFWdsisBuoT
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy