lokibot

General

Target

deecf3da7331b5a8d2c5c6d5e71f634d0e7850c3c471e1f92c75ea073abe5c1e
Size

213KB
Sample

220520-3n27facbej
MD5

579c6daa583702c353897fc296a3389c
SHA1

04264ce61b921acd590d91c581b88741081015c3
SHA256

deecf3da7331b5a8d2c5c6d5e71f634d0e7850c3c471e1f92c75ea073abe5c1e
SHA512

4af38174108537a83a24eba3d7f68cd33d75115fcf725006a847399d972f79862698e56aa6a15716d30d89fdc3154950eb277bef26fc256835482e9c014091f2

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://beckhoff-th.com/kon/kon2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  payslip_422.exe
- Size
  
  373KB
- MD5
  
  1e3d55f211b2ad55a39712cd1c06ee35
- SHA1
  
  743ebab116fc5a601e878542a15f9d23267a8755
- SHA256
  
  5c5408db84b06949b9aae7b528ad603bf17615ceac0aba3cd79cc92ed77b8163
- SHA512
  
  8ec31df3dd9a80a5e1d586eabd39477f2e826670b07de18460d1ee839001941a499f1f1e1b0a1433576be682116b6aa53a34997ba4035d63411ade9bf92aa2f5
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2