lokibot

General

Target

d6578cfa95212240972a85887d8624f8a628b62d2ca6bc523413391a79849228
Size

375KB
Sample

220521-xgq8psfadj
MD5

2eac6950aa5bb950c5f14390351c12a4
SHA1

618058f54657e384c1d04fc0ac2fc9f41f1ae7c7
SHA256

d6578cfa95212240972a85887d8624f8a628b62d2ca6bc523413391a79849228
SHA512

edbff829fbdd892b5dd835d143ccef0fc60ad13dacec5e43891cdf1bb6f4de56b5923ba44af89437d2d6659c52fb8f2e98a902bf7c2f20434fc900d7650209fe

Score

10^/10

Malware Config

Targets

- Target
  
  LOD.exe
- Size
  
  641KB
- MD5
  
  f23480be17a427fd8e032bce73d74737
- SHA1
  
  33bcec04ab13d1f8cffce7910f503d7abf6354a2
- SHA256
  
  c5355ed49756557477936e66b14fcf0c968cdfdba663d373cb1601988cce1493
- SHA512
  
  efbf606b5f2fb94439f1861989e273da40b4b084d38ff52a7ec29f000afc416b183eeed96ceb6279b6533340ff2074badd5e2060f7a49b912a2d6a93c99fb3df
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Targets

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1

suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2

suricata: ET MALWARE LokiBot Checkin

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1

suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2

suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2