lokibot | 3a20068e0f3ab8b9735f12b0a5475b01e9f5635acd80961248535531ff523bd4 | Triage

Submit
Reports

Overview

overview

Static

static

1

7dd1d4c55c...18.msi

windows7-x64

7dd1d4c55c...18.msi

windows10-2004-x64

6

Sharing

General

Target

7dd1d4c55c7e8ee669f31b6467535058_JaffaCakes118
Size

1.0MB
Sample

240528-v98mcadf61
MD5

7dd1d4c55c7e8ee669f31b6467535058
SHA1

5e661cb0b167b870afbe5021ca360df648093505
SHA256

3a20068e0f3ab8b9735f12b0a5475b01e9f5635acd80961248535531ff523bd4
SHA512

524a499ac8138f1e79410abd8de58c3357aa22f5709ba4585d08959fb0f0aa0ce0d24c486c10c430f9965ab34eddf54811bf50d6db31d726be5b19ec9c553506
SSDEEP

24576:YEd/ZEfUXF3yHcKKI7McIFQY2+v0Xe89vtbC:YEd/Z7dpQu0Xe8W

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

7dd1d4c55c7e8ee669f31b6467535058_JaffaCakes118.msi

Resource

win7-20240220-en

lokibot collection spyware stealer trojan

windows7-x64

14 signatures

150 seconds

Behavioral task

behavioral2

Sample

7dd1d4c55c7e8ee669f31b6467535058_JaffaCakes118.msi

Resource

win10v2004-20240508-en

windows10-2004-x64

9 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://ciston.nut.cc/bis-02/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  7dd1d4c55c7e8ee669f31b6467535058_JaffaCakes118
- Size
  
  1.0MB
- MD5
  
  7dd1d4c55c7e8ee669f31b6467535058
- SHA1
  
  5e661cb0b167b870afbe5021ca360df648093505
- SHA256
  
  3a20068e0f3ab8b9735f12b0a5475b01e9f5635acd80961248535531ff523bd4
- SHA512
  
  524a499ac8138f1e79410abd8de58c3357aa22f5709ba4585d08959fb0f0aa0ce0d24c486c10c430f9965ab34eddf54811bf50d6db31d726be5b19ec9c553506
- SSDEEP
  
  24576:YEd/ZEfUXF3yHcKKI7McIFQY2+v0Xe89vtbC:YEd/Z7dpQu0Xe8W
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

© 2018-2024

Terms | Privacy