lokibot

General

Target

1b64551d984bdaffeabf6a04fece8c92784ebe08f64254dac9630a4b754c22b8.exe
Size

6KB
Sample

221018-e1c63sefgq
MD5

e50afa71c3a883dfb7ace4f22f4b6e96
SHA1

6b076f4da5557502c87f248db804d456ee7a686f
SHA256

1b64551d984bdaffeabf6a04fece8c92784ebe08f64254dac9630a4b754c22b8
SHA512

f20bf1418519c9076c7bd5ff83814e5ceb75f7bd2a72769de427458990be9f06b254249a3b3319e1e7816b052eaa44a340bee8e38febad2d7a96ac3d1a83e1ab
SSDEEP

96:Jr3ozMTIj78gVY40N9R02aBhkuifY5KW1YdaKNDc6NyWejFnU:d36rY/9i2whkuCY1ANLB

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://192.64.118.167/profile.php?id=6iMMKJHCU15sObupIn6Ll6LlnrEG0OS67FTRoBujDALrMfRvD

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  1b64551d984bdaffeabf6a04fece8c92784ebe08f64254dac9630a4b754c22b8.exe
- Size
  
  6KB
- MD5
  
  e50afa71c3a883dfb7ace4f22f4b6e96
- SHA1
  
  6b076f4da5557502c87f248db804d456ee7a686f
- SHA256
  
  1b64551d984bdaffeabf6a04fece8c92784ebe08f64254dac9630a4b754c22b8
- SHA512
  
  f20bf1418519c9076c7bd5ff83814e5ceb75f7bd2a72769de427458990be9f06b254249a3b3319e1e7816b052eaa44a340bee8e38febad2d7a96ac3d1a83e1ab
- SSDEEP
  
  96:Jr3ozMTIj78gVY40N9R02aBhkuifY5KW1YdaKNDc6NyWejFnU:d36rY/9i2whkuCY1ANLB
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2