lokibot

General

Target

f03a5e31764f574e856fb435a09dcfffea1d9389ee1c75386cbd7299d787b052
Size

588KB
Sample

220707-k2177accf8
MD5

f55aa157a2118a37c84ba2cf44f5846d
SHA1

230db77dcb2794468010e7edc6ccd9c3dcc478e5
SHA256

f03a5e31764f574e856fb435a09dcfffea1d9389ee1c75386cbd7299d787b052
SHA512

73c0037136ba1712d581f253b143ce6ee567c4085ca963710f091bbb5eb9c46ae39f3b4f523494d4676e167ca7c51ec3d120d1de1a3b31fecfa1b71d315c1e84

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gh20/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  f03a5e31764f574e856fb435a09dcfffea1d9389ee1c75386cbd7299d787b052
- Size
  
  588KB
- MD5
  
  f55aa157a2118a37c84ba2cf44f5846d
- SHA1
  
  230db77dcb2794468010e7edc6ccd9c3dcc478e5
- SHA256
  
  f03a5e31764f574e856fb435a09dcfffea1d9389ee1c75386cbd7299d787b052
- SHA512
  
  73c0037136ba1712d581f253b143ce6ee567c4085ca963710f091bbb5eb9c46ae39f3b4f523494d4676e167ca7c51ec3d120d1de1a3b31fecfa1b71d315c1e84
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot Fake 404 Response
  suricata: ET MALWARE LokiBot Fake 404 Response
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1