lokibot

General

Target

f66fca14dcd938ccf088b075dba37a0caeb5a9133d565040cb3ab954fd536be4
Size

576KB
Sample

220707-pbrchsaba4
MD5

de4b784da11ed4f390a6702fe240e17d
SHA1

1f9ded7aa564b9be1a268078565edaf2a247f9cf
SHA256

f66fca14dcd938ccf088b075dba37a0caeb5a9133d565040cb3ab954fd536be4
SHA512

2fd0f7e440ec9e91e6bc970beebac5638bb814eec3b7b644bfb4693504c00302261275a2d81406c072ad9d4e7b4bc06b7163e7fec2641a6490f8848fb95f25a6

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gh20/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  f66fca14dcd938ccf088b075dba37a0caeb5a9133d565040cb3ab954fd536be4
- Size
  
  576KB
- MD5
  
  de4b784da11ed4f390a6702fe240e17d
- SHA1
  
  1f9ded7aa564b9be1a268078565edaf2a247f9cf
- SHA256
  
  f66fca14dcd938ccf088b075dba37a0caeb5a9133d565040cb3ab954fd536be4
- SHA512
  
  2fd0f7e440ec9e91e6bc970beebac5638bb814eec3b7b644bfb4693504c00302261275a2d81406c072ad9d4e7b4bc06b7163e7fec2641a6490f8848fb95f25a6
Score

10^/10

lokibot collection spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M1
  suricata
- suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata: ET MALWARE LokiBot Application/Credential Data Exfiltration Detected M2
  suricata
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot Fake 404 Response
  suricata: ET MALWARE LokiBot Fake 404 Response
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M1
  suricata
- suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata: ET MALWARE LokiBot Request for C2 Commands Detected M2
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1