lokibot

Sharing

Copy URL

Twitter E-mail

General

Target

401fba60361fa635168dad7cdac35be6_JaffaCakes118
Size

255KB
Sample

240729-mav8zaxdkf
MD5

401fba60361fa635168dad7cdac35be6
SHA1

5acd4cfe90100a976b96075c9d4885fa0adb82bf
SHA256

f05bbfcb62164661eb33d43860a596f9c424d84a01f0b0bb16eddad68c64680e
SHA512

d16d2679a432298decf824932e6715e6fcc28a9350ffa58a5356cfaf309ca14d2437debb310ae1884a0c05bcbbf7fd902ca97c896c918765eaaff9f64f26404d
SSDEEP

6144:X7RxbW52GrGYki9Xe8NqEx34YlJ5xNXKYFa7/o:X7WUmNpkuoYlzX1aDo

Score

10^/10

Malware Config

Extracted

Family

lokibot

http://egamcorps.ga/~zadmin/lmark/gld/mode.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Bank Statement_pdf.exe
- Size
  
  270KB
- MD5
  
  39abbc28a33d027111f5060e68a11548
- SHA1
  
  33da5d497407b8f03f6208a9fbb05b5c0a394722
- SHA256
  
  574a393b16055b44e6c6baeb608506f58375d8792c0c1b88ba0b2b2e6c5dbd72
- SHA512
  
  d6aa566a5908b479c54af16ffe1c92b9457a893fc406230bce1109c35eeccd46f5c69fdd8fa97bdaa4f1f8e5d675ca087a5cfa0fec5488be68341c6689e09b6c
- SSDEEP
  
  6144:dPCganNMO9M4ATBeH5LM13bRmLLtLM85YOw5TBN/Ysi8dDK:DanaO9yeLM1ALhLM8TyTL/Ys94
Score

10^/10

lokibot discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
behavioral1 behavioral2
- Target
  
  $APPDATA/vehicletestdrive/_tmp/18.opends60.dll
- Size
  
  45B
- MD5
  
  ded7ae361d5a4aeef08ba0b9a7baf1f9
- SHA1
  
  d7588ed36f5d306da4cd14ddec95da8329e6ad11
- SHA256
  
  880f19bcbf8f31901e8f13da6b9a933fa398be261027073cca2447643e39ec1c
- SHA512
  
  785a3613b80dbb691c75c52d8e84d1421b6e15633c1586393b2ac9b4e3054dcd69878fe738b87bfef48f83263d609fa606ec42f78366b15b93d896f1197cde0a
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/vehicletestdrive/_tmp/62.opends60.dll
- Size
  
  48B
- MD5
  
  71a56a6018fd1f673e7428af424ab30d
- SHA1
  
  2355c8b851b4876b8a3c80ee384b6695bf30c005
- SHA256
  
  6b9083658989175e624ab847771099cbbcaacc8726eebb37248ec857542d5668
- SHA512
  
  a68c796b56877d0a0854ca5ec8d16b7b5cbee76333dce48d846a88d06c3f767cb3334465aa323ba6fa6857d90c9f4f12967bacb4422f2cae7e3a069192427cba
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/vehicletestdrive/_tmp/cert2spc.exe
- Size
  
  8KB
- MD5
  
  15d14d0403243f2939389b50e62a5d9c
- SHA1
  
  29ca8ad75a159cf8740f21f8e1a2649abf81589e
- SHA256
  
  c25f774434af1c494594d8315ca8cfd12257c53b8e3682e626b230b79dd5a863
- SHA512
  
  83f0b6074911f4f8fc74d556537c9a8a1999cfbf5b8dedd97a9b5824d3b3bc39b7e8b876e5aa68a9eb597ac89ccaba9a516df21446200aa172994718c62a1ead
- SSDEEP
  
  192:nuF8MV0BxUAOW/3m3tGdqhIEg0YHvWCcqoS/W5e:n+8MVA1S3txg0avW1xS/W5e
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $APPDATA/vehicletestdrive/_tmp/contextp.dll
- Size
  
  11KB
- MD5
  
  4ba4d296c73b2b4367b0029e1d7c1a6f
- SHA1
  
  15aaf08c9aff48005a2a886c35a719bf286632ab
- SHA256
  
  0da039d120c08e36e5bd6c9eafe84d45dff719473876f3902e7ca5c9aa00c24a
- SHA512
  
  46a249c1110aec76179d44d4ae03c176dced623a3eb26003077034628eba7a09343da87afce41c02faf17e7e9cedaf69f354a576df92ba71fbb5ef5661bc1112
- SSDEEP
  
  192:VjPYNu38npuW8IzMkA2Ny0W+uNgQWNjk8:5PDQ8Zi1W7gQWN
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $APPDATA/vehicletestdrive/_tmp/crtowordsen.dll
- Size
  
  17KB
- MD5
  
  6aa6857e3aa855c208328a94e2979061
- SHA1
  
  b7d4304bd485f5ce8ed0183d57141c06bbc321a9
- SHA256
  
  6bc72ed8ef1f94b662813efec2f24886b1031e202581c20904c9aaba4c97584e
- SHA512
  
  9636495b0a7a0f10c71b07aad97350d1c48b98907674081d40021c80ba8c068f2a9492a3563a93a07c5fb7f3bc380c41d529b49c0f04c154d682c14adade1fa7
- SSDEEP
  
  192:ZHa7LAQiaLVaCQODYp8eZQd2SK3Xz7Yg/1LfzL/CldolMvMjGwPyMojT+KzVMiDA:BoL4aLVfGjv/1LrLCcY9jBJJU
Score

3^/10

discovery
behavioral11 behavioral12
- Target
  
  $TEMP/AnaMetaphor.dll
- Size
  
  19KB
- MD5
  
  eca4d3581bfee01fbbdfab46e73b8afb
- SHA1
  
  38b63ea322bd5f9b5ca14046a42f7ee25cf357d1
- SHA256
  
  2d4b4f73706eb3753f57ecf1e83e4ae68b8c07c72fe64a2aa2b0d80e5f64b7b3
- SHA512
  
  ef2f552f5216775aae85ac0835a7eb34498825e64961eb614a6728f76eaaef3e4ae36a847d0f7cfc30cce1b5c03e1521de93e1801db0a171dafbfbd73be66c20
- SSDEEP
  
  384:SRhpw3Mv1HS3DDAdLuFio8g7d0ORZp/mC3OTKuW5ik:SRwcNyzEdLuQg7fRZp/mC3OTKuW5
Score

3^/10

discovery
behavioral13 behavioral14
- Target
  
  $TEMP/dev60cgi/36.opends60.dll
- Size
  
  43B
- MD5
  
  3510e1a551a657442115b9e84e0d39c5
- SHA1
  
  e6ec919a91a257701a6e1546c3c30175434b6508
- SHA256
  
  ba56d29628c2ecf5ed376a0aebfd32ce186530338e5ca8f863a224e9d3e5f77e
- SHA512
  
  a872b5d0732eb993b7197593920b69ac073fd1107f3fb42b09e8ef6ec3bea436df7459f17b352c2ba2280c91ea9d1eb80802a874305faed789bc93a82cf4a60b
Score

1^/10
behavioral15 behavioral16
- Target
  
  $TEMP/dev60cgi/CrystalKeyCodeLib.dll
- Size
  
  19KB
- MD5
  
  928835929db4948327ff441ecab0a955
- SHA1
  
  08395f41b26fbe6b6edcbb79d46d17851116655a
- SHA256
  
  70126b03f9b802072c8ddba80dfc30e1dba9612083a07b8cd78157cf21bf7d80
- SHA512
  
  aaef454520346ee05e1c99eafee1719caa91e9f14b3a07b06a0164dc6a62f5fc7b9a6498e43d8fc9ab4f8cd7514b6083b24fcf161c8f5dfabd1d3143144e1477
- SSDEEP
  
  192:DmZpKceuZu+2K2oTXFh//j2nygVYYpuGmUIAdzJF8eSDMFuiKIG6QjKEepYQy:iZAyJ//j2ygduGmlAdzJF8eSQKIG6xi
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/dev60cgi/DesktopDMA.dll
- Size
  
  37KB
- MD5
  
  e691a8240cedbd2f4bd39d5748cecb2e
- SHA1
  
  823905682a9f3e025a414d7c51d401ed42578e6c
- SHA256
  
  2cb13006977f70303a309554f14d70f9b7adfb46fa0fd630ec0da1dc74ed765f
- SHA512
  
  d050e88728de6b9f90c2929b671e89bdf167c3ff89ad5d207f99696ad4e71c8b32cd988741656fc048fa49656806807043875c9792c1b6b7d809fb5da87f3143
- SSDEEP
  
  768:XkQ9kolKftV1jlPK/W+/GHBdwYXRRlBhuUNiNjUJr6vD83W/:zkolK1VXZBhuAiNol48m/
Score

3^/10

discovery
behavioral19 behavioral20
- Target
  
  $TEMP/dev60cgi/MicrosoftVisualStudioVSHelp.dll
- Size
  
  11KB
- MD5
  
  3aca803a026087f4eb2958ef80fc0ee4
- SHA1
  
  b21628cc44b80b8ea79d14b3aa133861220433c8
- SHA256
  
  6472fc3c93342096ac77186a55e9fe5c9302fd72dbdaae0e667d26b736495652
- SHA512
  
  0e22f7547463d1249003fb8ce7d943f0eb0db0f83e18bafd5f6208d0a64cfcc70ae81ffe71433ff360319b934849c2d3428ba2bdf66fe25142a25959767e8346
- SSDEEP
  
  192:EM3S3GHkLPfg5ZkdfSkmAOF+Be5DAHTlwk4E+2A5RiNfAfkFjIxYvsaJTWFWW:EM3SZfaS0kmAOMB+DAasL4RQEYkaRWFv
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22