lokibot

General

Target

ba167984676eeac1307b81f5410739ec309aad4ec2988d9e4266d1c6a449de9e
Size

144KB
Sample

220521-w7fdfsedbj
MD5

d67f3775f1d531b12ed148311eef6e26
SHA1

d0f2c64e01ea3a1aaf395ac5866a953ec11aed1b
SHA256

ba167984676eeac1307b81f5410739ec309aad4ec2988d9e4266d1c6a449de9e
SHA512

b4cccac12ca02387939a04dfcc0a074cac184ea235fd6c9fd2114fcc210305e9874d7722c11de86aa4a48159f7411cc96456ec7e482876ed997ee92dace80122

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://winqits.com/~zadmin/lk/me/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  me_2020-07-16_10-33.exe
- Size
  
  217KB
- MD5
  
  286293e2ce99fd16fc88c38e2fc74538
- SHA1
  
  a6f107edafbf6585802db4476f2727e039424783
- SHA256
  
  85261f175271fe271ff3010d3eb2ec251f1d14aae84a25cddcd189b81b32b415
- SHA512
  
  66cbfc2d82ca5feb2ad1b4bcf7263d677bcd845d7283a5a02a9a1807e2b6b18cb999195ac2875b03515953d52e3a4f8d937cdf5c671f6bec75d71895b7d40386
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2