lokibot | c73fded08a7501a542f197617a30f30ce307fd5190a9f8778478b8ba2586de5b | Triage

Submit
Reports

Overview

overview

Static

static

1

PO DTL20-041.rtf

windows7-x64

PO DTL20-041.rtf

windows10-2004-x64

1

Sharing

General

Target

PO DTL20-041.doc
Size

400KB
Sample

240513-kc2gnaec7x
MD5

e334ed30eb161cd9517431ee26f7df69
SHA1

ad0799b76832939a37d223b25da870773659ff2e
SHA256

c73fded08a7501a542f197617a30f30ce307fd5190a9f8778478b8ba2586de5b
SHA512

3cb096459103041e882b7933159e9145c42d36136489ce61a093ddd8fb208f7199a6fc6635afa1086c6626680cdf913dcc1e2416f93f8aa46bada8c81097c927
SSDEEP

6144:8wAYwAYwAYwAYwAYwAYwAYwAYwAYwAa/LABMZSw:ZC

Score

10^/10

lokibot spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

PO DTL20-041.rtf

Resource

win7-20240221-en

lokibot spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

PO DTL20-041.rtf

Resource

win10v2004-20240426-en

windows10-2004-x64

4 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://spencerstuartllc.top/evie2/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  PO DTL20-041.doc
- Size
  
  400KB
- MD5
  
  e334ed30eb161cd9517431ee26f7df69
- SHA1
  
  ad0799b76832939a37d223b25da870773659ff2e
- SHA256
  
  c73fded08a7501a542f197617a30f30ce307fd5190a9f8778478b8ba2586de5b
- SHA512
  
  3cb096459103041e882b7933159e9145c42d36136489ce61a093ddd8fb208f7199a6fc6635afa1086c6626680cdf913dcc1e2416f93f8aa46bada8c81097c927
- SSDEEP
  
  6144:8wAYwAYwAYwAYwAYwAYwAYwAYwAYwAa/LABMZSw:ZC
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy