lokibot

General

Target

a65c0bef2fc2326789b7118f65bdf2ce938810d3fc04b27006ab18e468d0c2ac
Size

113KB
Sample

220521-xl6tyscaf3
MD5

20e47d64083aa4f4914b8b5df0a48326
SHA1

6b44d16b01f0c5370127dd31e44d01ab201dbc8b
SHA256

a65c0bef2fc2326789b7118f65bdf2ce938810d3fc04b27006ab18e468d0c2ac
SHA512

4c9c8fdfc5167d472967def75fe690b12afea71eee01903eb7afd7f0941ca48c554af9185024e84819938230f04bf37494f4dfdceb9b9e627cba568005010681

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://profortune-tw.com/layloks/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  CCI20200807_00004.scr
- Size
  
  150KB
- MD5
  
  901cd343dc8eb6958c2de9465e60810f
- SHA1
  
  7470ea70de9c5f2b566e87d9c07dbe80dffbd108
- SHA256
  
  ceb203bdb13f1834d27769c8da01e52b769ef57c9c3016581bec5865fc02faa8
- SHA512
  
  8954a74367a49de011bfc22d6e01155319a51b4ccf397bf933307f6c16e1d6462935f6c423c513cc50f5bcddd19aaf0e49d977d7cdc1caf047246302d103d79b
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2