lokibot | 7a9a8d54632678f1b988c651fce64f39cdb11050d080e2453df24e4e6a81a5a4 | Triage

Submit
Reports

Overview

overview

Static

static

5

payment copy.xls.exe

windows7-x64

payment copy.xls.exe

windows10-2004-x64

Sharing

General

Target

payment copy.xls.exe
Size

898KB
Sample

250124-es3rrszqcr
MD5

79909af0c94352b1c85608a88481c02d
SHA1

1dcc9fae630146395411beb6af4c9ae6acc6b94d
SHA256

7a9a8d54632678f1b988c651fce64f39cdb11050d080e2453df24e4e6a81a5a4
SHA512

fbfea4b0573b5c5bf742a86260be79a444d1d2bd23f0fd1eb25d0dc6b52cfdce8973a83f59c9a148b6cd29e95f57f7fc5df19fa7724ef0c9ba9bfb30c7bca607
SSDEEP

12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aC2+jcz469Q4eE:uRmJkcoQricOIQxiZY1iaC2+jw4SQ4eE

Score

10^/10

lokibot collection discovery spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

payment copy.xls.exe

Resource

win7-20240729-en

lokibot collection discovery spyware stealer trojan

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

payment copy.xls.exe

Resource

win10v2004-20241007-en

lokibot collection discovery spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://royalsailtravel.ru/Sacc/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  payment copy.xls.exe
- Size
  
  898KB
- MD5
  
  79909af0c94352b1c85608a88481c02d
- SHA1
  
  1dcc9fae630146395411beb6af4c9ae6acc6b94d
- SHA256
  
  7a9a8d54632678f1b988c651fce64f39cdb11050d080e2453df24e4e6a81a5a4
- SHA512
  
  fbfea4b0573b5c5bf742a86260be79a444d1d2bd23f0fd1eb25d0dc6b52cfdce8973a83f59c9a148b6cd29e95f57f7fc5df19fa7724ef0c9ba9bfb30c7bca607
- SSDEEP
  
  12288:ehkDgouVA2nxKkorvdRgQriDwOIxmxiZnYQE7PJcE4aC2+jcz469Q4eE:uRmJkcoQricOIQxiZY1iaC2+jw4SQ4eE
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan

© 2018-2025

Terms | Privacy