lokibot | c950d100078d439bcc4e0e902b156775546a61a0694ceaeff59f3757d562f4ad | Triage

Sharing

General

Target

30092024_1246_30092024_報價請求 (國立臺灣大學) TW24-0917.rar
Size

4KB
Sample

240930-pzwbdazfpf
MD5

5907b270de7e08f17a70fc78a0bdc89c
SHA1

375bd4b666814ee425a129e21d5796b0be68e56d
SHA256

c950d100078d439bcc4e0e902b156775546a61a0694ceaeff59f3757d562f4ad
SHA512

9ae4afb99a1c077f7dad7a4825bf022f143ae419ea664a4762d894ec4d7f59f55cace84c976f6c9b3b46ccf02d79f96196f5ff11ae06dd22d82d81a03cca1289
SSDEEP

96:vqW/+4reYgjcDdnTPqADqVMKNjctBOS877k:vqW/+ejgwDdTiADq+KNKBO1nk

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://168.100.10.152/index.php/wp.php?view=1

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  報價請求 (國立臺灣大學) TW24-0917.hta
- Size
  
  7KB
- MD5
  
  6478016f557127bcb15e168eb8275c75
- SHA1
  
  595e5d9cc7472660ec4e0c182a633014a43c974c
- SHA256
  
  acc9d013bc7c54953fd61c5626bcb2378452656ab98a3ef7c9bdeb5b57455933
- SHA512
  
  b5a9873d8c1ea36d7aae2e4974f233616221a316deb05ca5dd8b1c423f191c8cd8538f55d13f4d62cc4dab9347bd4b45d93f7dab5acf2d91f7041ceeb578ec46
- SSDEEP
  
  96:bpYfMEPTs5q+PgNbvrQZwJrOX32pdF60+oKOnPFIi/fds1R7b8eEj+ErV3/53/yw:yVsiBvrQSNOWp1nh1y7bgq+VRPFih8Gc
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2