Description
Lokibot is a Password and CryptoCoin Wallet Stealer.
c9699446a6c1d02ed56cb9778e696854815659242bd3a55010736b23b04ab138
General
Target
Size
Sample
c9699446a6c1d02ed56cb9778e696854815659242bd3a55010736b23b04ab138
813KB
220521-w8ylesbbg8
Score
10 /10
MD5
SHA1
SHA256
SHA512
c1332c2ff2f9eb871570f5c031d8d217
9e868ba85e3d0adf1a50f05955c16fed24834ca9
c9699446a6c1d02ed56cb9778e696854815659242bd3a55010736b23b04ab138
81c53bc151baa8bcff803e458d7374afcad2c0c807c906a7e909c17aa27f9fee834d9964c64c4750aa81c04c3d8c3947d8b6887f409eb0b833124fd13f91d0e4
Malware Config
Extracted
| Family | lokibot |
| C2 |
http://oneflextiank.com/cream/five/fre.php http://kbfvzoboss.bid/alien/fre.php http://alphastand.trade/alien/fre.php http://alphastand.win/alien/fre.php http://alphastand.top/alien/fre.php |
Targets
Target
MD5
Filesize
S8872_PDF.exe
d76cb6054119c4a62dd9edd2239645d2
1MB
Score
10/10
SHA1
SHA256
SHA512
90fc7d4e5e82f7fefe505ca0c037c59ac73d8ded
27534ee3bfdbfc3b5bfb4b61237354d3d529822b0b64789528c1a8c2ae455318
db0fede878be7a6d0e2a739fd60957f0ca514ed400835c06e39622c13cfd4c62b7cbc25f7c31bca339adf32eb88d515af55db3bc23d2cadc1b0003db8dfdb211
Tags
Signatures
-
Lokibot
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
Description
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
Tags
-
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Description
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Tags
-
suricata: ET MALWARE LokiBot Checkin
Description
suricata: ET MALWARE LokiBot Checkin
Tags
-
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Description
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Tags
-
Accesses Microsoft Outlook profiles
Tags
TTPs
-
Suspicious use of SetThreadContext
Related Tasks
MITRE ATT&CK Matrix
Collection
Command and Control
Credential Access
Defense Evasion
Discovery
Execution
Exfiltration
Impact
Initial Access
Lateral Movement
Persistence
Privilege Escalation
Tasks