lokibot | fbab9ecd3a7ebde930f507faaa5d6c7a1b6e26ff3a6799eeb61de252871bfd80 | Triage

Sharing

General

Target

DHL Factura comercial.pdf.lzh
Size

401KB
Sample

220923-h5we1addh2
MD5

6fa72854826238038fb0cfdf1e23d5e6
SHA1

2c09b25c0116002dfbfcb2d3ca430b16c729a4a3
SHA256

fbab9ecd3a7ebde930f507faaa5d6c7a1b6e26ff3a6799eeb61de252871bfd80
SHA512

c1845fc59acef499922725ebc24dd241a6b0581518938cf5dbb72ed9850e1b9cbebde2694c0267790f24403a859c9fd7340003a53a6a99115a8b371a5655efb4
SSDEEP

6144:ighzcbLuClj4SBRRAqXOhxfqyj1NcY245bnAILUM+CWCCPZ8pT2esVvnunzNlKIC:itlEsChxSyjzcbEbAiUGCh1esVPunhoV

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gk6/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  DHL Factura comercial.exe
- Size
  
  555KB
- MD5
  
  9752517ea5860e520580f5516972ce6c
- SHA1
  
  531a67f2f455b57a68cde8a838c0ef67a45097bc
- SHA256
  
  716d7b70dde7c1b542da15683310234907d8d73b9f01d29892a7e17d3f8752fb
- SHA512
  
  43dea58b6fb0b776c4440a091024260531e3fe94c5029b3cd772723159323919eeefc0e7ea1dd9e1307f80b8c55baa70d6ab1229bf3650e09c26d3c62d96daba
- SSDEEP
  
  12288:JtdXDdEzCcmeliA7sfo9/MnEh9JbQ8S3t6rnkU7rQZRoOQK4qaJaATzq7:JLzdEzCcRliA7sy/MnEh91QnJUIZiOQM
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan