lokibot

Resubmissions

01/01/2023, 12:51

230101-p3zg7sbf99 10

01/01/2023, 12:47

230101-p1mqmaeh5x 10

30/12/2022, 10:32

221230-mkzddaaf8w 10

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Trojan.MSIL.Basic.8.Gen.3430.21389.exe
Size

304KB
Sample

230101-p3zg7sbf99
MD5

89b6536a7ae2ea35573a49f99d80f43e
SHA1

f4b25d9cab0bf6b32b7fd368119975ee75775940
SHA256

75f3ada6a5d7bf870af3e1f66cd00e437ae13d44a627d841239a4cbe5d53b1fe
SHA512

ff4fd6c8bade289e4024545e1619632563c34ac2d64aa44c770b508327f96edfdee8a972c935989d2fb90601514dc2873e97948e4275477d2209d7dfa8528db1
SSDEEP

3072:n7kikqM0F/M9xWttlRp/KzjqGCCaeeAWomPDL4VhBjnMvHlGDu2e9cMFGYhzFfqi:nG7WttAzjqljQ3IvHlouxcAG42uZ

Score

10^/10

Malware Config

Extracted

Family

lokibot

http://46.21.147.34/51124/logs/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  SecuriteInfo.com.Trojan.MSIL.Basic.8.Gen.3430.21389.exe
- Size
  
  304KB
- MD5
  
  89b6536a7ae2ea35573a49f99d80f43e
- SHA1
  
  f4b25d9cab0bf6b32b7fd368119975ee75775940
- SHA256
  
  75f3ada6a5d7bf870af3e1f66cd00e437ae13d44a627d841239a4cbe5d53b1fe
- SHA512
  
  ff4fd6c8bade289e4024545e1619632563c34ac2d64aa44c770b508327f96edfdee8a972c935989d2fb90601514dc2873e97948e4275477d2209d7dfa8528db1
- SSDEEP
  
  3072:n7kikqM0F/M9xWttlRp/KzjqGCCaeeAWomPDL4VhBjnMvHlGDu2e9cMFGYhzFfqi:nG7WttAzjqljQ3IvHlouxcAG42uZ
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Resubmissions

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2