lokibot

General

Target

7a5ce5c7be9b7779c246e68743541c9717bfcd2a10d95067b616f83e4e0e3037
Size

574KB
Sample

220521-n2jvpaeea6
MD5

3788b15c3f02ddd531736a5a44f625d9
SHA1

3c4f46aedaa4c32bc5eb18c684f823d513811702
SHA256

7a5ce5c7be9b7779c246e68743541c9717bfcd2a10d95067b616f83e4e0e3037
SHA512

079295bf174c3ec474f23c0fdb502396b076c148ec9fb4ff3840fb2ef0239f7d815f0618352f25e214154f872a1a728b51ba8efb27c2c47311dc5a8922a18b17

Score

10^/10

Malware Config

Targets

- Target
  
  scan000288652.exe
- Size
  
  1.0MB
- MD5
  
  efdd754b5c5c0e8904e75a3626888599
- SHA1
  
  6082f4397931b0071e4d93dd4d37d29c8e135eb7
- SHA256
  
  fd109cfe95d8da2681647dd8f860797e521710150721b251277ea7d1fdcc8c88
- SHA512
  
  8d61dd819f223a6d961a51047fa1c332d1e559b8864efca10cc80729ec16eb43ca5e10f3207d07e18836ee5d487e73f9b4fd6cdf61caa933d597ced5d26540b7
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

suricata: ET MALWARE LokiBot Checkin

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2