lokibot

General

Target

68ecbd38d909725551e2fd279f8f2e4e68cb2e3614856007cb546007ac408843
Size

1.5MB
Sample

230129-x4vjmsag73
MD5

5ad4d5c4d199e5a667d0f4bfbf91a933
SHA1

2b683198abdcbf1e0854ecde9fd2e1e4c7dbb5c1
SHA256

68ecbd38d909725551e2fd279f8f2e4e68cb2e3614856007cb546007ac408843
SHA512

f61ad94a3a06636e64a42bdb8ac3f2d6453f01373ae53b5f3c26a912a0434f6cdf47a2b29c2b8f7516e63c4527c0760b3d43938beb45a5fb708237da7eba5545
SSDEEP

24576:+dI4r8MZ6RGuKfwBoEZYt6XYo3PPdLalx:97dHXYsL

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/UjL7jh4u2t3CH

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  68ecbd38d909725551e2fd279f8f2e4e68cb2e3614856007cb546007ac408843
- Size
  
  1.5MB
- MD5
  
  5ad4d5c4d199e5a667d0f4bfbf91a933
- SHA1
  
  2b683198abdcbf1e0854ecde9fd2e1e4c7dbb5c1
- SHA256
  
  68ecbd38d909725551e2fd279f8f2e4e68cb2e3614856007cb546007ac408843
- SHA512
  
  f61ad94a3a06636e64a42bdb8ac3f2d6453f01373ae53b5f3c26a912a0434f6cdf47a2b29c2b8f7516e63c4527c0760b3d43938beb45a5fb708237da7eba5545
- SSDEEP
  
  24576:+dI4r8MZ6RGuKfwBoEZYt6XYo3PPdLalx:97dHXYsL
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2