lokibot

General

Target

3bd28e886cb9367751d223ed38e086bb55ed4dbd737cd2060c9b5d5dab5a56e1
Size

382KB
Sample

220521-my8h7sfhaq
MD5

69fe5b561d5c459cf81ef7cce883dfc1
SHA1

d340d3ec1d86653d44cf2442f8ab849531fa9eb2
SHA256

3bd28e886cb9367751d223ed38e086bb55ed4dbd737cd2060c9b5d5dab5a56e1
SHA512

6e24b27c627fc93b77d94301e0d38f3599a04005f99d5c5ab91211bbe506049ae43d757d1eb61f671e71b6664bd9a75a5a25d7b96ca968e83e411733437c20f5

Score

10^/10

Malware Config

Targets

- Target
  
  Request For Quotation.exe
- Size
  
  666KB
- MD5
  
  d903149bfb01a43a2afafddcbb9f2ff5
- SHA1
  
  37b4111dc0f14a7e156c1bfa0c57be2f8c62f540
- SHA256
  
  1c6998eb17cf21837fa8153add76ce113846aa94e96d089687fce38c25bbd31f
- SHA512
  
  059db520c92103fbf43c5fa66bc104f559541e9119d3dcc83825966d72127bb93ef936d6db6869fda4c1c3b8bb35ef556302bb523fb1cb9b376867844b4b891b
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

suricata: ET MALWARE LokiBot Checkin

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2