lokibot

General

Target

ca33728a22852c80a1894df0cd79f1a5b10c2085dbc4a9a8639d7942b2672cc5.exe
Size

321KB
Sample

201020-38bpa8cfrs
MD5

211331400846c8e81625848c08cb9b7c
SHA1

82e7712d582d358cde56fe02998acb4c38222d5d
SHA256

ca33728a22852c80a1894df0cd79f1a5b10c2085dbc4a9a8639d7942b2672cc5
SHA512

e9b5d5f299d20d03b37681c9ddc2ac92b5134a75852a04b021fde606626ac6848defd2f10cc692448c8049c3971bd9ee83c8cf4e3732414466b1b025660969c1

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://crestmart.ga/main/l09/sfmaro/mode.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  ca33728a22852c80a1894df0cd79f1a5b10c2085dbc4a9a8639d7942b2672cc5.exe
- Size
  
  321KB
- MD5
  
  211331400846c8e81625848c08cb9b7c
- SHA1
  
  82e7712d582d358cde56fe02998acb4c38222d5d
- SHA256
  
  ca33728a22852c80a1894df0cd79f1a5b10c2085dbc4a9a8639d7942b2672cc5
- SHA512
  
  e9b5d5f299d20d03b37681c9ddc2ac92b5134a75852a04b021fde606626ac6848defd2f10cc692448c8049c3971bd9ee83c8cf4e3732414466b1b025660969c1
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blacklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blacklisted process makes network request

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2