be7970e887e25ba0fb3d7c0786b3af50a4066ec0b7a01f4b5110aeaf7ac9620e

Target

Size

1MB

Sample

220521-w95q5aeefk

Score

10 ^/10

MD5

18fb6a614288a4408b20e15c7f92b9b9

SHA1

ca022f1388dc01b5aae9a3323c994c39fc7a3aa6

SHA256

be7970e887e25ba0fb3d7c0786b3af50a4066ec0b7a01f4b5110aeaf7ac9620e

SHA512

1382eb8c7792156f90c3f48f4fa216b19390983e18cb911b86d8b921347e369980526344ba2582d8f368adb3ca4f0fe0f6efca155fb13b966309b3e91ce17a12

Extracted

Family	lokibot
C2	http://kaveriyarns.com/test/five/fre http://kbfvzoboss.bid/alien/fre.php http://alphastand.trade/alien/fre.php http://alphastand.win/alien/fre.php http://alphastand.top/alien/fre.php http://kaveriyarns.com/test/five/fre http://kbfvzoboss.bid/alien/fre.php http://alphastand.trade/alien/fre.php http://alphastand.win/alien/fre.php http://alphastand.top/alien/fre.php

Target

be7970e887e25ba0fb3d7c0786b3af50a4066ec0b7a01f4b5110aeaf7ac9620e

MD5

18fb6a614288a4408b20e15c7f92b9b9

Filesize

1MB

Score

10^/10

SHA1

ca022f1388dc01b5aae9a3323c994c39fc7a3aa6

SHA256

be7970e887e25ba0fb3d7c0786b3af50a4066ec0b7a01f4b5110aeaf7ac9620e

SHA512

1382eb8c7792156f90c3f48f4fa216b19390983e18cb911b86d8b921347e369980526344ba2582d8f368adb3ca4f0fe0f6efca155fb13b966309b3e91ce17a12

Signatures

Lokibot
Description

Lokibot is a Password and CryptoCoin Wallet Stealer.
Tags

trojan spyware stealer lokibot
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
Description

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
Tags

suricata
suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Description

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
Tags

suricata
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
Description

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
Tags

suricata
suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
Description

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
Tags

suricata
suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Description

suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
Tags

suricata
Reads user/profile data of web browsers
Description

Infostealers often target stored browser data, which can include saved credentials etc.
Tags

spyware stealer

TTPs

Data from Local SystemCredentials in Files
Accesses Microsoft Outlook profiles
Tags

collection

TTPs

Email Collection
Suspicious use of SetThreadContext

Related Tasks

behavioral1 behavioral2

Collection

Command and Control

Credential Access

Credentials in Files

Defense Evasion

Discovery

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Privilege Escalation

static1

behavioral1

lokibot collection spyware stealer suricata trojan

10^/10

behavioral2

lokibot collection spyware stealer suricata trojan

10^/10

Extracted

Tags

Signatures

Lokibot

Description

Tags

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

Description

Tags

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

Description

Tags

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

Description

Tags

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

Description

Tags

suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

Description

Tags

Reads user/profile data of web browsers

Description

Tags

TTPs

Accesses Microsoft Outlook profiles

Tags

TTPs

Suspicious use of SetThreadContext

Related Tasks

static1

behavioral1

behavioral2