lokibot

General

Target

956077f1fd25f5a028cb77525736d4849858aa39f0350f4964ae5b6545942309
Size

471KB
Sample

230129-yhk9hsbd35
MD5

054029d409f0924a06a72f86e93f6145
SHA1

386806b7e3dc9d9fce51315f12ede269f29f96a9
SHA256

956077f1fd25f5a028cb77525736d4849858aa39f0350f4964ae5b6545942309
SHA512

f1cda14943f439f9629d4690890ea87d0ec416fe08a8eac36fcdc711c45469083463c8b6d3f4ae11b8add75339b18be337e98d82a179e984faf5a1d0cd4f868e
SSDEEP

6144:h2n8KahFe1iPwAKmQoe6bvTumX8Zhq43Rob+7lhd8kxsVdQuFkvd:wn8vhFe127QoJ7KWyh/obO3d8DV5kvd

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/ZtkNeeK6C94X6

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  956077f1fd25f5a028cb77525736d4849858aa39f0350f4964ae5b6545942309
- Size
  
  471KB
- MD5
  
  054029d409f0924a06a72f86e93f6145
- SHA1
  
  386806b7e3dc9d9fce51315f12ede269f29f96a9
- SHA256
  
  956077f1fd25f5a028cb77525736d4849858aa39f0350f4964ae5b6545942309
- SHA512
  
  f1cda14943f439f9629d4690890ea87d0ec416fe08a8eac36fcdc711c45469083463c8b6d3f4ae11b8add75339b18be337e98d82a179e984faf5a1d0cd4f868e
- SSDEEP
  
  6144:h2n8KahFe1iPwAKmQoe6bvTumX8Zhq43Rob+7lhd8kxsVdQuFkvd:wn8vhFe127QoJ7KWyh/obO3d8DV5kvd
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2