lokibot | 861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847 | Triage

Sharing

General

Target

861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847
Size

444KB
Sample

230129-y4pttsbh77
MD5

61e3610e99cf93d96d79a1f3bf023a3b
SHA1

5ba9d8506042aa613bac7c68a263bbd037d79d0f
SHA256

861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847
SHA512

be7579c4e4b5f5a96582cc2eafc8689ce6a13090b881677a9ae8ee1d24913a56604aafc438a21554ab8afffc49558e09efc41697085e521d6fae25148ea407b4
SSDEEP

12288:14JZcV9VV+VFpVCvVVOvt1ENcvez7206dVYHhTf0wXWRm:Ov0Nm06IHhT78m

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://3tril.com/armani/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847
- Size
  
  444KB
- MD5
  
  61e3610e99cf93d96d79a1f3bf023a3b
- SHA1
  
  5ba9d8506042aa613bac7c68a263bbd037d79d0f
- SHA256
  
  861660dfbd8471081a50e80eb9103ecc16f17f61352e4c9fcf4582f79e439847
- SHA512
  
  be7579c4e4b5f5a96582cc2eafc8689ce6a13090b881677a9ae8ee1d24913a56604aafc438a21554ab8afffc49558e09efc41697085e521d6fae25148ea407b4
- SSDEEP
  
  12288:14JZcV9VV+VFpVCvVVOvt1ENcvez7206dVYHhTf0wXWRm:Ov0Nm06IHhT78m
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2