lokibot

General

Target

b7e508b5d5dbdb69d98bf4b1527ea597b05de34d5c84ea8e03cc8fab4e332565
Size

381KB
Sample

220521-mydc3afgfl
MD5

76b78f3a3a90f0eb862b1dda0a00c8c7
SHA1

5db017d757932d0aaf34efdda914001486a28f2c
SHA256

b7e508b5d5dbdb69d98bf4b1527ea597b05de34d5c84ea8e03cc8fab4e332565
SHA512

3671295a8abcc8edadaf8a1c2712bdbf60dde62c16fb3e83ef589e828460c97bf5ae30514eaabdd7bf88baca68c6cc6679ffbccfa881c9e0230f610323be449e

Score

10^/10

Malware Config

Targets

- Target
  
  scan copy-1011211_pdf.exe
- Size
  
  666KB
- MD5
  
  c1be609642320d4ebda2bf43a81fa809
- SHA1
  
  a606d376ce7330fb29c424e29adad961b16ff15b
- SHA256
  
  a8d1421f0d0d3babfd87e46e494a017c2627a20bf67d09b9a0dde3301e5511cf
- SHA512
  
  9f7f404cc43408c0ad6426d36c2452fb3ed7758f3d3c8bba3142defeceec05f28a0ee30927150d4898f9bc6da04f7a1291f197d95ae5fb189528dac80eab1964
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

suricata: ET MALWARE LokiBot Checkin

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2