lokibot

General

Target

New Order.zip
Size

524KB
Sample

241022-tnprnswaqp
MD5

2ba45f05a335d1b1740d1401bcebad39
SHA1

7b87a171da03b1ca8248e7e2e4a203b258e79f16
SHA256

2592c99ac5bbdbad03df7ea4f754bdf4f6c9180502e5d93f59cb25d4f317e1e2
SHA512

6dbb52b4ddf304d1827e9f0ca4d38e9489950dbba7c752d412b7f011eca8c702de43ce16c77b5ba772fcae32c145483ebc79be3d4dc06e885a05e88575067656
SSDEEP

12288:xt7iLdfmCiPIZDKzxW3rfjQo6t/SBQ1XRE434p/MOWAJZpQEF5kIowfG:xtuLdONPODkof0o69XECUiaWIffG

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://94.156.177.220/skipo/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  New Order.zip
- Size
  
  524KB
- MD5
  
  2ba45f05a335d1b1740d1401bcebad39
- SHA1
  
  7b87a171da03b1ca8248e7e2e4a203b258e79f16
- SHA256
  
  2592c99ac5bbdbad03df7ea4f754bdf4f6c9180502e5d93f59cb25d4f317e1e2
- SHA512
  
  6dbb52b4ddf304d1827e9f0ca4d38e9489950dbba7c752d412b7f011eca8c702de43ce16c77b5ba772fcae32c145483ebc79be3d4dc06e885a05e88575067656
- SSDEEP
  
  12288:xt7iLdfmCiPIZDKzxW3rfjQo6t/SBQ1XRE434p/MOWAJZpQEF5kIowfG:xtuLdONPODkof0o69XECUiaWIffG
Score

10^/10

lokibot collection discovery spyware stealer trojan upx
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1
- Target
  
  New Order.exe
- Size
  
  538KB
- MD5
  
  fed5b3d1972774645a11685a33140e28
- SHA1
  
  c9ea3cdc9f537fe50088c07c239c69dea4456ddc
- SHA256
  
  15582393b01b6c64d16d7c573cec24dc00954c1faede0dc69777a1caa9757f7d
- SHA512
  
  5682fcc7f55a8915dceeda6ce0b6cb60f993987c2631c7b4024d6afc78cd94cc345561e59ac15df2fe9511a92736ef387354f703287ac1326d9da694ee269680
- SSDEEP
  
  12288:V9BvctM85t35JPNJj2WzoRLQYRYzmYcwbzbpFMQWaJZpQEB52oSwc3:VD0tM85tbNJjldeYiYpi+so1c3
Score

10^/10

lokibot collection discovery spyware stealer trojan upx
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral2
- Target
  
  out.upx
- Size
  
  631KB
- MD5
  
  4cfc336a1227bee3e8faa8c9c4d4064c
- SHA1
  
  89d32b1c8a4fcdbae47c7094ec8bc3892776c180
- SHA256
  
  3351dd65441b3d2f5a7db8377c57715f586730b2355c8c7de5f1b910357e9605
- SHA512
  
  ca3b31f4f6b3513aa33e0a8fb7fda04970ac9d81c6e36c6f58838a23908da1f4dc74e81f6fd1314255c22ca4ce3c307ca9cc305fb9c7e0e27f03625fdf14580f
- SSDEEP
  
  6144:DBlzInco1bg7vxVLWnCA2h+uiSErK/3nQbjBZaK56A8iFKe4er6nF4mTDxWUaJY1:DLkcoxg7v3qnC11ErwIhh0F4qwUgUny
Score

1^/10
behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Accesses Microsoft Outlook profiles

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

Lokibot

Accesses Microsoft Outlook profiles

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3