lokibot

General

Target

990386ad9c9b452687989d7c987e05fbbad623e6c847de809d5d115c455b4252
Size

540KB
Sample

220701-r9knqshabk
MD5

a685fa1757f59d7aaf82f4acfbab7186
SHA1

c773411f96ec92574b294df4e09a9a412890f40c
SHA256

990386ad9c9b452687989d7c987e05fbbad623e6c847de809d5d115c455b4252
SHA512

0423ac49e20e07f12f039ab443858d670b5a56fba9b031f2adb2f6e940b1f89f100664da3979932fb243f31b7ecdf72e3956af18cdade694cf22fdeae34c10e5

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://107.175.150.73/~giftioz/.rojonm/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  MG.exe
- Size
  
  1.1MB
- MD5
  
  60e128faa25f86f6ac56eff424ec3c90
- SHA1
  
  7ee56d264429a903cff43b77f4efc3065552c408
- SHA256
  
  70cb325da7e54f302dd59c22effc1cb651f270c72b1323fda2331c6acf07dca8
- SHA512
  
  c4f8de75c4caac078f67ac48dc5741fcb189f312876de3d6b36810026e10a2b0f2ee9216fe292bbb6a38f9bb5838dd72ebaf4c968024a72810f37d7d745fac21
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2