lokibot

General

Target

INVtransfercopyreceipt07072020.exe
Size

346KB
Sample

200707-7a8v7jkwys
MD5

7e5783717dd46ed1a4cb15fb803fa44a
SHA1

3845da005de6a12f9058fc717a7e9cfe78f06372
SHA256

3412f3e08654eceebff6c557eb9f0e82ab9e7b4cf5b0a3b9f2c7fefa5d07fe75
SHA512

1d02fc33a067531a532a329e96f1675afa6396375fa44e890e7443e1c56bf5fe53465f0579d585d55c325ddb89535682a690fb12442e574c6ee63a820e1d8d59

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://modevin.ga/~zadmin/lmark/frega3/mode.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  INVtransfercopyreceipt07072020.exe
- Size
  
  346KB
- MD5
  
  7e5783717dd46ed1a4cb15fb803fa44a
- SHA1
  
  3845da005de6a12f9058fc717a7e9cfe78f06372
- SHA256
  
  3412f3e08654eceebff6c557eb9f0e82ab9e7b4cf5b0a3b9f2c7fefa5d07fe75
- SHA512
  
  1d02fc33a067531a532a329e96f1675afa6396375fa44e890e7443e1c56bf5fe53465f0579d585d55c325ddb89535682a690fb12442e574c6ee63a820e1d8d59
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blacklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blacklisted process makes network request

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2