lokibot

General

Target

4584329169764352.zip
Size

365KB
Sample

211201-z763ysbbh2
MD5

bcab9ad739cf8866920b08e32e2b40bf
SHA1

291f637de0e4db355743b633a1768966e1af171a
SHA256

75261eb69798fe5d2ea735231fad128165f153bc3f9649f6b38047a85426c53d
SHA512

064afea747c8db43bd05b15d6acfabce795b7463cca2959a05b91206bcb8cea93d9d94dd182be628f63a5277fe9c76f5590c5238f99eaa61c17d0b5eccbf8264

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/gb5/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  9ff45b3452987fc5734b08ae8a38553a2932b6a6f9c8c18e309ad8415b6a29a8
- Size
  
  432KB
- MD5
  
  523eb8fe16b36d0747ab9b524fbe963d
- SHA1
  
  15542e8e1a4be67b6a2d3425cc99da3d303dcfcd
- SHA256
  
  9ff45b3452987fc5734b08ae8a38553a2932b6a6f9c8c18e309ad8415b6a29a8
- SHA512
  
  dbf5699694775306d443a645c64200713a7bb0cfdec7ca7d7a36e6d5b73aa6c02f143256a8bdad67d06ec9f48b53e1ca93140d970510fdee6cbb3604bbda2128
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2