lokibot

General

Target

84e0438826a95865f0c61bb632ebcc984038cdf2efb505e475cd314b8531aad4
Size

286KB
Sample

220521-nex4ssggal
MD5

6509821ed23a75328ef3e6ab14c34bc1
SHA1

5bfbf8022b7614548ada05acb73799f0a5456357
SHA256

84e0438826a95865f0c61bb632ebcc984038cdf2efb505e475cd314b8531aad4
SHA512

cb8ec5c2c2fd74a933d7e6d4dc4ed80766f05e937c00fbbb64145375f037215f0c5a09b05a9bb82e3292ac0f4662288083cd9d3f4988176a19f0517c8ecda42d

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://mito--cn.com/kaka/kaka1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Scanconfidentail_file_pdf.exe
- Size
  
  448KB
- MD5
  
  a55c86d487b41113ed29d2e9d9b769bb
- SHA1
  
  1e0219c5fdda0f6f1d33fd121a106b53bf7240ce
- SHA256
  
  16236af6a2deae7c6767f5f5ea20c3a485bd8d2ca966e9f861b711852ec6bf62
- SHA512
  
  0470a293f0a9b23e95c9d8014aee9d50204510ca3c89d673fcaed89abece119a8b68fe1eac936c45a5122cdac08ad52aacefab201792ea3b2529d032ec17c8cf
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2