lokibot | 90c84820bca55e3925a429b8ecac6ced2b3192306a5373af70ee2410d36fb98f | Triage

Sharing

General

Target

16102024_0049_15102024_Ordine di acquisto_(PO403310)_Bertolicavi Srl.zip
Size

600KB
Sample

241016-a6lcesydlm
MD5

c3e473d946fda3c5b6a4fadaadc9360e
SHA1

126cdc89b5c221d960d2f2edbe26aed228e160a7
SHA256

90c84820bca55e3925a429b8ecac6ced2b3192306a5373af70ee2410d36fb98f
SHA512

562f09941511cc6b6c73285af567452c55df94e0631ce6c0ca1219f63cf589369cf9f4eef8c3f5192df99a5820eced20b57ea768fac79a176ba08535dd7ee8cc
SSDEEP

12288:q+HxauMrd7WBt9oyJYR6IH4ybvK1qapu/OkZNg9WALF1Xu0ky0MWxVNI:q+RAhaBt9RIkMapumsO9W0CeWDNI

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

https://dddotx.shop/Mine/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Ordine di acquisto_(PO403310)_Bertolicavi Srl.exe
- Size
  
  759KB
- MD5
  
  43ec72e4a7e772c34bc056402d999fa9
- SHA1
  
  279cf5c181cdeaac811d2eb4c9e81fc72c4d4053
- SHA256
  
  7a087d2f7ae76e58d9e7a3069b51a3fd84c1de4b83328d3a27b0ea60d6230ee6
- SHA512
  
  dce1faf680be19855f3b3cc9ea8e8c519a516daf8989d80cb86553001ad1ec9b36d819ea571d122a3cd5c45867d0c836e6a95875b6636b11b8ab2c52067c105a
- SSDEEP
  
  12288:sKry2/qZXzmHfxeuJCJ6ILgo1vKXSa3W44wkZzE96Ghz1X0aiyIWA1X1/:Lry2uXzm/M+5Iuia39xsA96+a4A51/
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan