lokibot | b8d864b09ba66e1cff809b9700c8ef000b2d4ccbaba47c5da69bb7cf44a28795 | Triage

Sharing

General

Target

Swift Copy.exe
Size

182KB
Sample

221028-qsj57sgbfn
MD5

50d9d10506adb6700bb3e0df6d17a5be
SHA1

e11b8c33ea7fa0618fbca8ef6828c2081835e944
SHA256

b8d864b09ba66e1cff809b9700c8ef000b2d4ccbaba47c5da69bb7cf44a28795
SHA512

07a2e25c29ec2c6f1f3f9e51780c0db622e69cd9a56e437c23a5258425b71da7207698f07b9310f9e1ad5fb27a2628d14bd60903bdb81c8db8c6e09a89464593
SSDEEP

3072:qUJoFfWzzl+cSMGGKeoyShiKF9nc+PAukezQLVqM+ZPjZag0dWvsqDbKAnrE7t6D:qweEpGaobF9nBAukeELV50lagLvn+Ao+

Score

10^/10

lokibot collection persistence spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.161/starmoney/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Swift Copy.exe
- Size
  
  182KB
- MD5
  
  50d9d10506adb6700bb3e0df6d17a5be
- SHA1
  
  e11b8c33ea7fa0618fbca8ef6828c2081835e944
- SHA256
  
  b8d864b09ba66e1cff809b9700c8ef000b2d4ccbaba47c5da69bb7cf44a28795
- SHA512
  
  07a2e25c29ec2c6f1f3f9e51780c0db622e69cd9a56e437c23a5258425b71da7207698f07b9310f9e1ad5fb27a2628d14bd60903bdb81c8db8c6e09a89464593
- SSDEEP
  
  3072:qUJoFfWzzl+cSMGGKeoyShiKF9nc+PAukezQLVqM+ZPjZag0dWvsqDbKAnrE7t6D:qweEpGaobF9nBAukeELV50lagLvn+Ao+
Score

10^/10

lokibot collection persistence spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionpersistencespywarestealertrojan

behavioral2

lokibotcollectionpersistencespywarestealertrojan