lokibot | 6f7d710effbef4c9dde9997af6ca7790d879e8e190b21bd5a43e099b27f6eb8a | Triage

Sharing

General

Target

5c2f3610b4d02d7bdd87439ce17e49a51effefad
Size

345KB
Sample

230111-qm24tsgg41
MD5

da0210cb16a56636b2d28c3f542173e2
SHA1

5c2f3610b4d02d7bdd87439ce17e49a51effefad
SHA256

6f7d710effbef4c9dde9997af6ca7790d879e8e190b21bd5a43e099b27f6eb8a
SHA512

5adade7016a711ac7784355c151f7837758d056331649bf904cfa4a6b06084ea9441ab07bc5d6302e107f88e8209edc54a010c9c04c8b81ea4203215d66f4915
SSDEEP

3072:0fY/TU9fE9PEtuzhbiXCZDs68q72mIJJik3VNr8z9asJeEoArhZ/iZDM20jrsH+o:CYa69liXCj7mJF7SffodhcfE+R6

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/kelly/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  5c2f3610b4d02d7bdd87439ce17e49a51effefad
- Size
  
  345KB
- MD5
  
  da0210cb16a56636b2d28c3f542173e2
- SHA1
  
  5c2f3610b4d02d7bdd87439ce17e49a51effefad
- SHA256
  
  6f7d710effbef4c9dde9997af6ca7790d879e8e190b21bd5a43e099b27f6eb8a
- SHA512
  
  5adade7016a711ac7784355c151f7837758d056331649bf904cfa4a6b06084ea9441ab07bc5d6302e107f88e8209edc54a010c9c04c8b81ea4203215d66f4915
- SSDEEP
  
  3072:0fY/TU9fE9PEtuzhbiXCZDs68q72mIJJik3VNr8z9asJeEoArhZ/iZDM20jrsH+o:CYa69liXCj7mJF7SffodhcfE+R6
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan