lokibot | 4b6a6957a37e14cc031fe81b7deaa6863a6921062b8f8cd71775eaaa24c977a5 | Triage

Sharing

General

Target

4b6a6957a37e14cc031fe81b7deaa6863a6921062b8f8cd71775eaaa24c977a5
Size

277KB
Sample

220124-tqgh3sfea7
MD5

5b2aac5ebb5296244e5633f941a976b4
SHA1

fd58ed72f6cbb33c8c2c98fd068b799939cb8264
SHA256

4b6a6957a37e14cc031fe81b7deaa6863a6921062b8f8cd71775eaaa24c977a5
SHA512

4f034436f22994f89623c9ce1a1dbd0ce56f00b8fea5bb7ea696c5c84fe8a0af834d2c08bf5e5c969a6e5e15092150093a2f4b9ec6ec50bfff4ba18809e7891e

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/gc14/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  4b6a6957a37e14cc031fe81b7deaa6863a6921062b8f8cd71775eaaa24c977a5
- Size
  
  277KB
- MD5
  
  5b2aac5ebb5296244e5633f941a976b4
- SHA1
  
  fd58ed72f6cbb33c8c2c98fd068b799939cb8264
- SHA256
  
  4b6a6957a37e14cc031fe81b7deaa6863a6921062b8f8cd71775eaaa24c977a5
- SHA512
  
  4f034436f22994f89623c9ce1a1dbd0ce56f00b8fea5bb7ea696c5c84fe8a0af834d2c08bf5e5c969a6e5e15092150093a2f4b9ec6ec50bfff4ba18809e7891e
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan