lokibot | 0fc909415368be8991f2eaf597ff2638a58f3f365a252f41385ff71b8818bb78 | Triage

Sharing

General

Target

ba8e34d80b184394dceb22152eeec2f3351c1616
Size

213KB
Sample

221007-bkkdnsbca8
MD5

577db388dd90afdb6411b3c297162bc1
SHA1

ba8e34d80b184394dceb22152eeec2f3351c1616
SHA256

0fc909415368be8991f2eaf597ff2638a58f3f365a252f41385ff71b8818bb78
SHA512

1b9ee048a5a49d08177913ec6f11b7c15e9cda8fcb347fb3465ebbd350022e7c3721fc14fbfa240974296135c7590939d96063363124e10d111862588a11625f
SSDEEP

6144:FDOg5Rr8fFEVEsvgJnW9wLu3Zmwac7l7MlZEVDS/:N589SEsvgJtq7l7MlZ5/

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://ziuxte.online/o/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  ba8e34d80b184394dceb22152eeec2f3351c1616
- Size
  
  213KB
- MD5
  
  577db388dd90afdb6411b3c297162bc1
- SHA1
  
  ba8e34d80b184394dceb22152eeec2f3351c1616
- SHA256
  
  0fc909415368be8991f2eaf597ff2638a58f3f365a252f41385ff71b8818bb78
- SHA512
  
  1b9ee048a5a49d08177913ec6f11b7c15e9cda8fcb347fb3465ebbd350022e7c3721fc14fbfa240974296135c7590939d96063363124e10d111862588a11625f
- SSDEEP
  
  6144:FDOg5Rr8fFEVEsvgJnW9wLu3Zmwac7l7MlZEVDS/:N589SEsvgJtq7l7MlZ5/
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan