lokibot | b7836133ecd9f40f9fdd396ec3cc51992d69b81688b7b3e0de53d20c080d09e7 | Triage

Sharing

General

Target

b7836133ecd9f40f9fdd396ec3cc51992d69b81688b7b3e0de53d20c080d09e7
Size

324KB
Sample

230119-qbdxvsda2x
MD5

86c27f3cc27b9db588c38356ab608ebf
SHA1

f36937c1b7583b69860a32da95e69b94140d3970
SHA256

b7836133ecd9f40f9fdd396ec3cc51992d69b81688b7b3e0de53d20c080d09e7
SHA512

66a737ffa2e411e7c1583b24ff38f266507f6878e13b73f00510543a4ec0d76501cf797a878859649ad709797c1f0005cc05b62a3294a5f4057a3a8f9c087cf4
SSDEEP

3072:+fY/TU9fE9PEtuMEX2eGeSOCxIvUbEdJd9hCNjZa4UVRgp0t5pgrGhxXFJ3cJhsQ:oYa6mEmmvWGjmMVRgp07NPVJ3esje/

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/cody/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  b7836133ecd9f40f9fdd396ec3cc51992d69b81688b7b3e0de53d20c080d09e7
- Size
  
  324KB
- MD5
  
  86c27f3cc27b9db588c38356ab608ebf
- SHA1
  
  f36937c1b7583b69860a32da95e69b94140d3970
- SHA256
  
  b7836133ecd9f40f9fdd396ec3cc51992d69b81688b7b3e0de53d20c080d09e7
- SHA512
  
  66a737ffa2e411e7c1583b24ff38f266507f6878e13b73f00510543a4ec0d76501cf797a878859649ad709797c1f0005cc05b62a3294a5f4057a3a8f9c087cf4
- SSDEEP
  
  3072:+fY/TU9fE9PEtuMEX2eGeSOCxIvUbEdJd9hCNjZa4UVRgp0t5pgrGhxXFJ3cJhsQ:oYa6mEmmvWGjmMVRgp07NPVJ3esje/
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan