lokibot

General

Target

053a45c631f5183afd88064d0642f1e4930febcb0ab2cbcd42f8001b5b3d3071
Size

319KB
Sample

220527-w8cnyscdak
MD5

2983999b156908bc7dd228f464219c88
SHA1

29ea1b5a5435b1b59e9169cd5ff658a876a36365
SHA256

053a45c631f5183afd88064d0642f1e4930febcb0ab2cbcd42f8001b5b3d3071
SHA512

1fea27d66b57f24602ce8fcaf03c10fd2dcc56e071f0ad90b18801762eb4919ffb8a96550a19db01e65adb3edd969f79f411e66691f8863d182a72b6c313920c

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

https://photonewsiq.com/bu/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  pass.exe
- Size
  
  612KB
- MD5
  
  d6019153d5b7e6b85bc608621529ed10
- SHA1
  
  53b72f8150d31f8206cb0a32fbc3939346ffdb17
- SHA256
  
  97c18a16b640056b8baa52a6166530e578d675141dcbb5f025e566ee682a0082
- SHA512
  
  97cda9f493c8da8858f02b5fdf6325e41f99d013c0a2d44a33468768b563cb9f654d2a1afe4ee077b41245fc59576e7e19457bbd5f6d848f244fe067a3cbaff6
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2