lokibot

General

Target

3ce3555137487086422f29c8d40269d88c5963f9c73db20b48394afa232b5e3e
Size

941KB
Sample

220703-flqz3ahgf2
MD5

9fe36048a31c11f517a51156796ac0e6
SHA1

2c8d2cb615851f5b0b8c865eae735d3437004017
SHA256

3ce3555137487086422f29c8d40269d88c5963f9c73db20b48394afa232b5e3e
SHA512

1d2fa6beb6441f6d84bc2b014a32264420a0a3552371cec8e100d2d3f8d9f55e88fd8459917071e926c016b7f3abd7cd9dfce5c45a779e6c54ae36d1e56e03ed

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://playingnewgameers.tk/bin/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  3ce3555137487086422f29c8d40269d88c5963f9c73db20b48394afa232b5e3e
- Size
  
  941KB
- MD5
  
  9fe36048a31c11f517a51156796ac0e6
- SHA1
  
  2c8d2cb615851f5b0b8c865eae735d3437004017
- SHA256
  
  3ce3555137487086422f29c8d40269d88c5963f9c73db20b48394afa232b5e3e
- SHA512
  
  1d2fa6beb6441f6d84bc2b014a32264420a0a3552371cec8e100d2d3f8d9f55e88fd8459917071e926c016b7f3abd7cd9dfce5c45a779e6c54ae36d1e56e03ed
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

1

T1064

Persistence

Privilege Escalation

Defense Evasion

Scripting

1

T1064

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Uses the VBS compiler for execution

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2