lokibot

General

Target

24cf891903408b85cdce1e4ee8c4101f878b944113ae808273444a0db1d2335f.exe
Size

231KB
Sample

201020-patxrrwlgs
MD5

ed3e155b736c7f072cd1358938e9c046
SHA1

e9775b2888a19d8ce4f8fa3102c175f1a9297b13
SHA256

24cf891903408b85cdce1e4ee8c4101f878b944113ae808273444a0db1d2335f
SHA512

e2e4728a08c3e9241dc1d509743ea6a5f2b43a8af62d7c8cedf18da6cd8d44cb076414afc092f30436413fa5d7abd665bb70755d4d18ca4b878181821f8e422d

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://crestmart.ga/main/l09/US/mode.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  24cf891903408b85cdce1e4ee8c4101f878b944113ae808273444a0db1d2335f.exe
- Size
  
  231KB
- MD5
  
  ed3e155b736c7f072cd1358938e9c046
- SHA1
  
  e9775b2888a19d8ce4f8fa3102c175f1a9297b13
- SHA256
  
  24cf891903408b85cdce1e4ee8c4101f878b944113ae808273444a0db1d2335f
- SHA512
  
  e2e4728a08c3e9241dc1d509743ea6a5f2b43a8af62d7c8cedf18da6cd8d44cb076414afc092f30436413fa5d7abd665bb70755d4d18ca4b878181821f8e422d
Score

10^/10

trojan spyware stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blacklisted process makes network request
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Blacklisted process makes network request

Loads dropped DLL

Reads user/profile data of web browsers

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2