lokibot

General

Target

PPE Quotation - 7.7.pdf__7667.exe
Size

370KB
Sample

200709-5bcgsqrcxe
MD5

563c040b980ce689d9338b59685f982a
SHA1

ea5c54c52928664a4f12dc5906621c7fe1fd6e6f
SHA256

b3f42f7a9747edcd9d13cab3d0a41b3e0d3cde5a5548f5328b5fcf2f3e068d85
SHA512

a40ad87fe46f31ac3ecdfbf162ec85abab18e9c696f92ec52dcab07fd3a372dbb7cf0bc37f04b10382dd8e32105b422aacee5d87979c87020eabb20ba2ea2d2f

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://mecharnise.ir/ea4/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  PPE Quotation - 7.7.pdf__7667.exe
- Size
  
  370KB
- MD5
  
  563c040b980ce689d9338b59685f982a
- SHA1
  
  ea5c54c52928664a4f12dc5906621c7fe1fd6e6f
- SHA256
  
  b3f42f7a9747edcd9d13cab3d0a41b3e0d3cde5a5548f5328b5fcf2f3e068d85
- SHA512
  
  a40ad87fe46f31ac3ecdfbf162ec85abab18e9c696f92ec52dcab07fd3a372dbb7cf0bc37f04b10382dd8e32105b422aacee5d87979c87020eabb20ba2ea2d2f
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2