lokibot | f52f70447cbebf182eeaa5a0a48ee305c59e00307b69a7eae7ea6517c0fb5bb6 | Triage

Sharing

General

Target

f52f70447cbebf182eeaa5a0a48ee305c59e00307b69a7eae7ea6517c0fb5bb6
Size

149KB
Sample

230129-xvm37sbg9s
MD5

1fe16c903136a091bf235245ee09b9d1
SHA1

83ef584729558e76d20491695acbb773af6f2b47
SHA256

f52f70447cbebf182eeaa5a0a48ee305c59e00307b69a7eae7ea6517c0fb5bb6
SHA512

c541ce43144deed3fd381bd760b1ce349a89b00b397e8056d06bbc98c7c733df99ebf42eb6c6c287c4fef45d419597b750092ec5e0a9d319852e69019f2c7706
SSDEEP

3072:rf1BDZ0kVB67Duw9AMcTbsxhicKW5QO8ND7kN8JBpdL0jIhz2bqSxbz5H/Tjju4S:r9X0Gfs+DOg0YdLAIllc/TjjuoKeXmd

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://becharnise.ir/fb3/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  f52f70447cbebf182eeaa5a0a48ee305c59e00307b69a7eae7ea6517c0fb5bb6
- Size
  
  149KB
- MD5
  
  1fe16c903136a091bf235245ee09b9d1
- SHA1
  
  83ef584729558e76d20491695acbb773af6f2b47
- SHA256
  
  f52f70447cbebf182eeaa5a0a48ee305c59e00307b69a7eae7ea6517c0fb5bb6
- SHA512
  
  c541ce43144deed3fd381bd760b1ce349a89b00b397e8056d06bbc98c7c733df99ebf42eb6c6c287c4fef45d419597b750092ec5e0a9d319852e69019f2c7706
- SSDEEP
  
  3072:rf1BDZ0kVB67Duw9AMcTbsxhicKW5QO8ND7kN8JBpdL0jIhz2bqSxbz5H/Tjju4S:r9X0Gfs+DOg0YdLAIllc/TjjuoKeXmd
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan