lokibot | 2c2a57b3a137d49c53bf35a36a7136a78d67fcaa16b8f352a6b46a457d691815 | Triage

Sharing

General

Target

2c2a57b3a137d49c53bf35a36a7136a78d67fcaa16b8f352a6b46a457d691815.vbs
Size

77KB
Sample

241002-gdzsnsteke
MD5

34273527e12e172917598d0e29994432
SHA1

d390fd4b4ffc45be0a7cf05765af19e402377640
SHA256

2c2a57b3a137d49c53bf35a36a7136a78d67fcaa16b8f352a6b46a457d691815
SHA512

b9693348f7ddc2564c7a1ce748e58b080c73e57a85ae8f3b673d60106be4c967708c035ca2a820b7470a2be7642592c2db6c14ec9cccd0849eb153f8caebb6f9
SSDEEP

1536:sI0FsAXA4vqGxAx9bBuQPOyk+4OU8vL0yUbVBwXYf:sIcpPAPbB4OFQyIf

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://137.184.191.215/index.php/10899

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  2c2a57b3a137d49c53bf35a36a7136a78d67fcaa16b8f352a6b46a457d691815.vbs
- Size
  
  77KB
- MD5
  
  34273527e12e172917598d0e29994432
- SHA1
  
  d390fd4b4ffc45be0a7cf05765af19e402377640
- SHA256
  
  2c2a57b3a137d49c53bf35a36a7136a78d67fcaa16b8f352a6b46a457d691815
- SHA512
  
  b9693348f7ddc2564c7a1ce748e58b080c73e57a85ae8f3b673d60106be4c967708c035ca2a820b7470a2be7642592c2db6c14ec9cccd0849eb153f8caebb6f9
- SSDEEP
  
  1536:sI0FsAXA4vqGxAx9bBuQPOyk+4OU8vL0yUbVBwXYf:sIcpPAPbB4OFQyIf
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Legitimate hosting services abused for malware hosting/C2
- Suspicious use of NtCreateThreadExHideFromDebugger
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Web Service

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan