lokibot

General

Target

TT Copy Of Payment.ARJ
Size

419KB
Sample

211201-t9yayahah5
MD5

52ad61c6e8e42494fd0ef5a44aa9a6b9
SHA1

51b8b494784db200a125cc76bddc974c1a8547ef
SHA256

e36584177d24d335044de0be000a349b79932d3c9b25c7940956c0baf825c9cb
SHA512

10b104770ea1d57d4a11f0919fca08246eb3c9ef196e647cf62a535d3cb4557be4bea39f89942f40c65b55305d4a4ca0e691210add9692b0cc2c6b79f66ad758

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://obilok.xyz/dx/77.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  H069685744768944.SCR
- Size
  
  459KB
- MD5
  
  358c6110d2177b53e7e3777c73a609bd
- SHA1
  
  03e4a5a30e3209ce44e65b0ad75de8a640a2aba9
- SHA256
  
  adae194bf36b9519149adc7c2a3fd19fef3fddb209c81107f19e04a001e4237b
- SHA512
  
  e18c39e3940d3fcbf4f19ab84503a6afc976ea3592decbf1d076c5ab844a6bcb1a84d119850991ee37208b0d5006d4a3d313e51493f9c717689b3cd08078839b
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2