lokibot

General

Target

f6e7c3b2fcd2944e123bc68b46f881d266a5099e36b65a4d3fbc9e04195d603a
Size

858KB
Sample

230129-z9asjadc93
MD5

342ac5fa7bbc97dc1b30194edcb36194
SHA1

c228f11363a71e968a798ff9348291968fd4e525
SHA256

f6e7c3b2fcd2944e123bc68b46f881d266a5099e36b65a4d3fbc9e04195d603a
SHA512

953b12448e2ae40e8c7667178a80083ebdbf528eb6ccee3d32ee0ee51a3235d89dd337100ba708ae6e874d1b4e1a699fe2fdb86287130a3585de369bfaa956dd
SSDEEP

12288:XLJYn4y5kSN2GKPv61ig2j78A/VPsPdoAVPas1ZsUDrrxN6pdvUU3dIQbZlcnIKP:6nxi/9P+28AquAVzcUD5NMdvU

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/ZtkNeeK6C94X6

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  f6e7c3b2fcd2944e123bc68b46f881d266a5099e36b65a4d3fbc9e04195d603a
- Size
  
  858KB
- MD5
  
  342ac5fa7bbc97dc1b30194edcb36194
- SHA1
  
  c228f11363a71e968a798ff9348291968fd4e525
- SHA256
  
  f6e7c3b2fcd2944e123bc68b46f881d266a5099e36b65a4d3fbc9e04195d603a
- SHA512
  
  953b12448e2ae40e8c7667178a80083ebdbf528eb6ccee3d32ee0ee51a3235d89dd337100ba708ae6e874d1b4e1a699fe2fdb86287130a3585de369bfaa956dd
- SSDEEP
  
  12288:XLJYn4y5kSN2GKPv61ig2j78A/VPsPdoAVPas1ZsUDrrxN6pdvUU3dIQbZlcnIKP:6nxi/9P+28AquAVzcUD5NMdvU
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2