Malicious
Classifications

Spyware

Threat Names

C2/Generic-A Lokibot Lokibot.v2 Mal/Generic-S

Remarks (1/1)

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 hour, 52 minutes" to "20 seconds" to reveal dormant functionality.

VMRay Threat Identifiers (32 rules, 54 matches)

Score  Category                 Operation                                                  Count  Classification
5/5    Extracted Configuration  Lokibot configuration was extracted                        1      Spyware
5/5    YARA                     Malicious content matched by YARA rules                    3      Spyware
5/5    Data Collection          Tries to read cached credentials of various applications   1      Spyware
4/5    Reputation               Known malicious file                                       1      -
4/5    Reputation               Contacts known malicious URL                               1      -
4/5    Reputation               Resolves known malicious domain                            1      -
3/5    Discovery                Reads installed applications                               1      Spyware
2/5    Data Collection          Reads sensitive browser data                               4      -
2/5    Discovery                Searches for sensitive application data                    1      -
2/5    Data Collection          Reads sensitive FTP data                                   6      -

Malware Configurations

Screenshots

Monitored Processes

Process Graph

MITRE ATT&CK™ Matrix - Windows

Version: 2019-04-25 20:53:07.719000

Initial Access: (no techniques matched)
Execution: (no techniques matched)
Persistence: (no techniques matched)
Privilege Escalation: (no techniques matched)
Defense Evasion: Hidden Window
Credential Access: Credentials in Registry, Credentials in Files, Credential Dumping
Discovery: System Information Discovery, Query Registry, Browser Bookmark Discovery, File and Directory Discovery
Lateral Movement: Remote File Copy
Collection: Automated Collection, Data from Local System
Command and Control: Remote File Copy, Standard Application Layer Protocol
Exfiltration: (no techniques matched)
Impact: (no techniques matched)
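The Credential Access and Collection rows above (cached credentials of various applications, sensitive browser data, sensitive FTP data, Credentials in Registry / Credentials in Files) describe the file and registry reads a host-side monitor would see a stealer perform. The following is an added example, not VMRay's code or output: a small detector that takes a list of constructed file and registry access events, flags processes that read well-known credential stores, ignores the store's own application (a browser reading its own Login Data is normal), and rolls the hits up into a per-process score on the same 5-point scale the report uses. The path and registry-key patterns, the owner allowlist and the scoring weights are assumptions chosen for illustration, not values taken from this report.

```python
import re

# Credential stores a stealer typically touches. These patterns and the
# application that legitimately owns each store are assumptions for
# illustration, not data from the VMRay report.
CREDENTIAL_STORE_PATTERNS = {
    "browser": [
        r"\\AppData\\Local\\Google\\Chrome\\User Data\\.*\\Login Data$",
        r"\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\.*\\logins\.json$",
    ],
    "ftp": [
        r"\\AppData\\Roaming\\FileZilla\\(recentservers|sitemanager)\.xml$",
        r"\\AppData\\Roaming\\WinSCP\.ini$",
    ],
    "registry": [
        r"^HKCU\\Software\\Martin Prikryl\\WinSCP 2\\Sessions",
        r"^HKCU\\Software\\SimonTatham\\PuTTY\\Sessions",
    ],
}
STORE_OWNERS = {
    "browser": {"chrome.exe", "firefox.exe"},
    "ftp": {"filezilla.exe", "winscp.exe"},
    "registry": {"winscp.exe", "putty.exe"},
}
# Weight per store category on a 0..5 scale (assumption, mirrors the report's
# 2/5 for browser and FTP reads and a higher weight for registry credentials).
CATEGORY_SCORE = {"browser": 2, "ftp": 2, "registry": 3}
READ_OPERATIONS = {"CreateFile", "ReadFile", "RegQueryValue"}

COMPILED = {
    cat: [re.compile(p, re.IGNORECASE) for p in pats]
    for cat, pats in CREDENTIAL_STORE_PATTERNS.items()
}


def classify_target(target):
    """Return the credential-store category a path or registry key belongs to, or None."""
    for cat, pats in COMPILED.items():
        if any(p.search(target) for p in pats):
            return cat
    return None


def score_events(events):
    """events: iterable of (pid, process_name, operation, target).

    Returns {pid: {"process": name, "hits": {category: count}, "score": 0..5}}
    for every process that read a credential store it does not own.
    """
    per_proc = {}
    for pid, proc, op, target in events:
        if op not in READ_OPERATIONS:
            continue
        cat = classify_target(target)
        if cat is None or proc.lower() in STORE_OWNERS[cat]:
            continue  # not a credential store, or the owning application
        entry = per_proc.setdefault(pid, {"process": proc, "hits": {}, "score": 0})
        entry["hits"][cat] = entry["hits"].get(cat, 0) + 1
    for entry in per_proc.values():
        cats = entry["hits"]
        # Highest single-category weight, plus one per additional store type
        # touched: harvesting several stores at once is the stealer pattern.
        entry["score"] = min(5, max(CATEGORY_SCORE[c] for c in cats) + len(cats) - 1)
    return per_proc


# Constructed sample events (pid, process, operation, target); not a VMRay log.
SAMPLE_EVENTS = [
    (4120, "sample.exe", "CreateFile", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (4120, "sample.exe", "ReadFile", r"C:\Users\victim\AppData\Roaming\Mozilla\Firefox\Profiles\abc123.default\logins.json"),
    (4120, "sample.exe", "ReadFile", r"C:\Users\victim\AppData\Roaming\FileZilla\sitemanager.xml"),
    (4120, "sample.exe", "RegQueryValue", r"HKCU\Software\Martin Prikryl\WinSCP 2\Sessions\prod\Password"),
    (4120, "sample.exe", "ReadFile", r"C:\Windows\System32\kernel32.dll"),
    (2210, "chrome.exe", "ReadFile", r"C:\Users\victim\AppData\Local\Google\Chrome\User Data\Default\Login Data"),
    (880, "notepad.exe", "ReadFile", r"C:\Users\victim\Documents\notes.txt"),
]

if __name__ == "__main__":
    for pid, info in score_events(SAMPLE_EVENTS).items():
        print(f"pid {pid} {info['process']}: score {info['score']}/5, hits {info['hits']}")
```

Only pid 4120 is reported: chrome.exe reading its own Login Data is suppressed by the owner allowlist, and notepad.exe never touches a store. In a real deployment the patterns would come from the telemetry source's path format (Sysmon, ETW or an EDR) and the owner allowlist should also check the image path, since a stealer can simply name itself chrome.exe.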

Sample Information

ID: #6218736
MD5: 9632628f4b25e22bf57a5fb1010daf4e
SHA1: 339706d04fbc6c4a0e3cad9c8a12d7b88a8a0dcb
SHA256: e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe
SSDeep: 6144:QBn1PO9HgFIUgwXVH/7/Gf5emejH+PgDSD9LV9Gj4WhwW:gPOhCXVf7/GJnPFDosW
ImpHash: ab6770b0a8635b9d92a5838920cfe770
File Name: e524d7c7a6d4ade2651a65b9d0c5e162532a70495b957b9a5d34dcaaace571fe.exe
File Size: 236.42 KB
Sample Type: Windows Exe (x86-32)

Analysis Information

Creation Time: 2022-11-25 09:11 (UTC+)
Analysis Duration: 00:04:00
Termination Reason: Timeout
Number of Monitored Processes: 3
Execution: Successful
Reputation: Enabled
Built-in AV: Enabled
Number of AV Matches: 0
YARA: Enabled
Number of YARA Matches: 21
Function Logfile