lokibot | 7d8f63bcb6d758460dfab1708e4d7a259ad71bbb6aaf3317ed005721522f562e | Triage

Sharing

General

Target

7d8f63bcb6d758460dfab1708e4d7a259ad71bbb6aaf3317ed005721522f562e
Size

32KB
Sample

240930-pdtwesyfkc
MD5

1f2f70106e07c95409f968b0a2575559
SHA1

1d0efc6c0e29bd8b9601b118ffababd0ca5b39e5
SHA256

7d8f63bcb6d758460dfab1708e4d7a259ad71bbb6aaf3317ed005721522f562e
SHA512

8593f526ffc760285170a9d05bb7728da45cff79f5e7f1ca7c88cb680121961d78aad6f64e9f3af5dd087827ad9017fe18ae4c849e5969fae275c9dc2cb10fbe
SSDEEP

768:AGdB+w4sRqGfC1XQAJgmQU4lZ6SRYt/BxahPwkDWaviwA7tP:AW3fCyAy9lZPhTDnqZtP

Score

10^/10

lokibot collection discovery execution spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://137.184.191.215/index.php/check.php?id=1

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  PRORAČUNSKA ZAHTEVA 09-30-2024·pdf.vbe
- Size
  
  73KB
- MD5
  
  ae06697b71084618bb9a2d051f6fad2f
- SHA1
  
  d3cc11739d47aebc183e425750d53ea0d412c8e0
- SHA256
  
  dc6607f4aa63d04407994442f3f085ccd29a2feadac2a791b90cdbcfee2f5fac
- SHA512
  
  ea85577950701655694c970ac44a9f80ccca80f59166d0955d946570493b374f364c9fafefd548af04b8d5ebb6d494be64b840fdb55df00070b84bd4ef5dff34
- SSDEEP
  
  1536:sM0x6oY5kcFA/RYq0KkFV8N+FhhxGEoU5J/Gbrf:sM0xlYAJYJFFhhFo9f
Score

10^/10

lokibot collection discovery execution spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Command and Scripting Interpreter: PowerShell
  Using powershell.exe command.
  execution
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryexecutionspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryexecutionspywarestealertrojan