lokibot | dcbc92adad76b47adbaada514dd7d85bcac9f3a6a5482ce7b7ba8db388330d53 | Triage

Sharing

General

Target

DHL_COMM.EXE
Size

497KB
Sample

220915-n6r2vsgffq
MD5

aa55c476d3c7f83e238c844dfff6ddcb
SHA1

059704b9215a1fc2e5c9f7977e857690b94e8732
SHA256

dcbc92adad76b47adbaada514dd7d85bcac9f3a6a5482ce7b7ba8db388330d53
SHA512

793e81f14cbdbed979b46fb87418050dffb30208fb84850588f730c25cbb6bfa204df95d3800f8ccf414cde50003d80c30e59994f17091fc4d2406b09ff40ccc
SSDEEP

12288:38MdpVWrUnQMLNMJzi4tST9OJP/aJpCT2TY:38YH8U7LSLtSp2/aKI

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gk6/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  DHL_COMM.EXE
- Size
  
  497KB
- MD5
  
  aa55c476d3c7f83e238c844dfff6ddcb
- SHA1
  
  059704b9215a1fc2e5c9f7977e857690b94e8732
- SHA256
  
  dcbc92adad76b47adbaada514dd7d85bcac9f3a6a5482ce7b7ba8db388330d53
- SHA512
  
  793e81f14cbdbed979b46fb87418050dffb30208fb84850588f730c25cbb6bfa204df95d3800f8ccf414cde50003d80c30e59994f17091fc4d2406b09ff40ccc
- SSDEEP
  
  12288:38MdpVWrUnQMLNMJzi4tST9OJP/aJpCT2TY:38YH8U7LSLtSp2/aKI
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lokibotcollectionspywarestealertrojan