lokibot

General

Target

Payment Date 10.07.2020.exe
Size

241KB
Sample

200713-8bxm18pg2s
MD5

45e1487229334c83b43db67f3c9bcd34
SHA1

c303a612cfcdb6be2ff6c055d941e0358f33b9af
SHA256

ba70b16e63725d98406a9e9da5126d9dde77fea5f3b080b5571f2553675ad8a7
SHA512

43ae677459f09d072a41104c1771ab30d9b64b9516b0672c2ef9e225a1c6d9387bad25f6f5943020a43bb691d922f3da0e2da980b3d55d5e7fe7d983b401c2e1

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://modevin.ga/~zadmin/lmark/frega2/mode.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Payment Date 10.07.2020.exe
- Size
  
  241KB
- MD5
  
  45e1487229334c83b43db67f3c9bcd34
- SHA1
  
  c303a612cfcdb6be2ff6c055d941e0358f33b9af
- SHA256
  
  ba70b16e63725d98406a9e9da5126d9dde77fea5f3b080b5571f2553675ad8a7
- SHA512
  
  43ae677459f09d072a41104c1771ab30d9b64b9516b0672c2ef9e225a1c6d9387bad25f6f5943020a43bb691d922f3da0e2da980b3d55d5e7fe7d983b401c2e1
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blacklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blacklisted process makes network request

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2