lokibot

General

Target

46b76277c6dc812d81fa7b1827811b66ab13b9aeabc41e5ba0824be66ca47108
Size

104KB
Sample

220707-jsas7sffhl
MD5

94d3279571a9693083bd498d40eee3a6
SHA1

f164cd797361d5248bb85d3a7e76edfc5e38ef50
SHA256

46b76277c6dc812d81fa7b1827811b66ab13b9aeabc41e5ba0824be66ca47108
SHA512

375d8a1052e8fbc8a1df803efabdf97ebc41d579ca561f90db88a3c19677d31f6203b8f8d9536f9a8fd86d0d84f5f8b9061fc369092b10f4cc25f11b12350a5c

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://xxxtencation.us/logger/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  46b76277c6dc812d81fa7b1827811b66ab13b9aeabc41e5ba0824be66ca47108
- Size
  
  104KB
- MD5
  
  94d3279571a9693083bd498d40eee3a6
- SHA1
  
  f164cd797361d5248bb85d3a7e76edfc5e38ef50
- SHA256
  
  46b76277c6dc812d81fa7b1827811b66ab13b9aeabc41e5ba0824be66ca47108
- SHA512
  
  375d8a1052e8fbc8a1df803efabdf97ebc41d579ca561f90db88a3c19677d31f6203b8f8d9536f9a8fd86d0d84f5f8b9061fc369092b10f4cc25f11b12350a5c
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2