lokibot | ecb00bb8fd9f9fb3de654096a3590e73ac39793e1c8dd3e30d8e859b91c257d8 | Triage

Sharing

General

Target

cf39830b73897e3588e5b592ec2ff732.exe
Size

134KB
Sample

221122-sgqvqabf7y
MD5

cf39830b73897e3588e5b592ec2ff732
SHA1

bce1d08085a637a8347f878261d62218841ad573
SHA256

ecb00bb8fd9f9fb3de654096a3590e73ac39793e1c8dd3e30d8e859b91c257d8
SHA512

ecf7c180f993287a442b0123472af9916dc3eceadf3a78ced43f40165dbafcf5b2af33742d7968cb852c5924d68001d755abca5868d0bbb9c70548825cbec8b8
SSDEEP

3072:WfJSq+ytGIon9KcSMg3tK+fkoBysc4pCFNu7stsmSM55LPVhPQ6e3Gn5h6sZFJ:MEa0NWtDs+ckCFNud8ZFz9msh

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.161/durtch/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  cf39830b73897e3588e5b592ec2ff732.exe
- Size
  
  134KB
- MD5
  
  cf39830b73897e3588e5b592ec2ff732
- SHA1
  
  bce1d08085a637a8347f878261d62218841ad573
- SHA256
  
  ecb00bb8fd9f9fb3de654096a3590e73ac39793e1c8dd3e30d8e859b91c257d8
- SHA512
  
  ecf7c180f993287a442b0123472af9916dc3eceadf3a78ced43f40165dbafcf5b2af33742d7968cb852c5924d68001d755abca5868d0bbb9c70548825cbec8b8
- SSDEEP
  
  3072:WfJSq+ytGIon9KcSMg3tK+fkoBysc4pCFNu7stsmSM55LPVhPQ6e3Gn5h6sZFJ:MEa0NWtDs+ckCFNud8ZFz9msh
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan