lokibot | 85fb1682833c86f92b228b644d72fab46f888acdaeec26b8f7a4500a5635aab5 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

file.exe
Size

122KB
Sample

221030-zg2qjsahgj
MD5

04d5fd1eee4086db7f843c8306c48db3
SHA1

8d3eef0f55a54eb73e461f3917d6da7e43063270
SHA256

85fb1682833c86f92b228b644d72fab46f888acdaeec26b8f7a4500a5635aab5
SHA512

53b9c40ca539258391c2caf80688a1ec0702c1ecd25b5ce8657694114654b4fd65a1c5d0d5e5aba225b8923d7a386a745bf364d7b75fe649044124184a6a19f6
SSDEEP

3072:qUJoFfWzzl+cSMDAuXff6xUFl4NYuP0DlWgx2zMQm+GQFGoU:qweEpDAA949P0DlEPDS

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/rostov/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  file.exe
- Size
  
  122KB
- MD5
  
  04d5fd1eee4086db7f843c8306c48db3
- SHA1
  
  8d3eef0f55a54eb73e461f3917d6da7e43063270
- SHA256
  
  85fb1682833c86f92b228b644d72fab46f888acdaeec26b8f7a4500a5635aab5
- SHA512
  
  53b9c40ca539258391c2caf80688a1ec0702c1ecd25b5ce8657694114654b4fd65a1c5d0d5e5aba225b8923d7a386a745bf364d7b75fe649044124184a6a19f6
- SSDEEP
  
  3072:qUJoFfWzzl+cSMDAuXff6xUFl4NYuP0DlWgx2zMQm+GQFGoU:qweEpDAA949P0DlEPDS
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan