lokibot | 08a432fce2ce0eddb6a02573a6a44d4a443f4476fd9a7f9902386747c4f38de5 | Triage

Sharing

General

Target

08a432fce2ce0eddb6a02573a6a44d4a443f4476fd9a7f9902386747c4f38de5
Size

666KB
Sample

211108-lg4y1sbfe2
MD5

46c3f0a11804275f801722c913efbc44
SHA1

d84cef9fe789c9c7e2beb05c6a033f79056e9912
SHA256

08a432fce2ce0eddb6a02573a6a44d4a443f4476fd9a7f9902386747c4f38de5
SHA512

99cc9d3da5b9e574d385edd7423413a8114b2bc16cec35af91e9c47f73a73ad9f4dbfeaf1cdf3257c00c88d5651ef07bffb9c84340bf6fec163bea779c9dd11d

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/ga18/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  08a432fce2ce0eddb6a02573a6a44d4a443f4476fd9a7f9902386747c4f38de5
- Size
  
  666KB
- MD5
  
  46c3f0a11804275f801722c913efbc44
- SHA1
  
  d84cef9fe789c9c7e2beb05c6a033f79056e9912
- SHA256
  
  08a432fce2ce0eddb6a02573a6a44d4a443f4476fd9a7f9902386747c4f38de5
- SHA512
  
  99cc9d3da5b9e574d385edd7423413a8114b2bc16cec35af91e9c47f73a73ad9f4dbfeaf1cdf3257c00c88d5651ef07bffb9c84340bf6fec163bea779c9dd11d
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan