lokibot

General

Target

1a07532785f1d0a43b0b5d68d54e411dd3f1bf1faec90deba15e2bff2df86cff
Size

517KB
Sample

220705-3m2vaaedbl
MD5

682f1a11681229794b6a48fe65b9e223
SHA1

a35bacfea0c786cfc4a9d6c59071807520511d78
SHA256

1a07532785f1d0a43b0b5d68d54e411dd3f1bf1faec90deba15e2bff2df86cff
SHA512

d6c6a6cf38a4b1b97ae1738861d241dfaa1f972d171ccfd57ec961810b7d123cebb42f20a9e4c79c22a5d0c6f30d4c818d4059649c7efb298a08ae9f3a422435

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://198.187.30.47/p.php?id=12495881296063980

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  1a07532785f1d0a43b0b5d68d54e411dd3f1bf1faec90deba15e2bff2df86cff
- Size
  
  517KB
- MD5
  
  682f1a11681229794b6a48fe65b9e223
- SHA1
  
  a35bacfea0c786cfc4a9d6c59071807520511d78
- SHA256
  
  1a07532785f1d0a43b0b5d68d54e411dd3f1bf1faec90deba15e2bff2df86cff
- SHA512
  
  d6c6a6cf38a4b1b97ae1738861d241dfaa1f972d171ccfd57ec961810b7d123cebb42f20a9e4c79c22a5d0c6f30d4c818d4059649c7efb298a08ae9f3a422435
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1