lokibot

General

Target

34e795488e0625e22a90142b9e49d6a38d565838e684aae5f021d9834869fa0c
Size

760KB
Sample

230129-za2f7sdf6v
MD5

2acfb24bce33aa6883607663b474a729
SHA1

485470af5d62eb60ab18d46de02fe14d80469540
SHA256

34e795488e0625e22a90142b9e49d6a38d565838e684aae5f021d9834869fa0c
SHA512

efc5cfbea2f0770bf4e830d3e9666bdc53e00273b29461814b1c3313f88739da7c752a568483aa91cf4696fa86b3fac8216d97312d5b62abc7841bbbabde535c
SSDEEP

12288:6OY93/Bg9Ax082uS7Xut9T4WQ+ehFD22xR8HeRRF/f8TrWl3sQw0vmo:6O23/G9Ax0H+9T4TFD22xR8HeRRF/rc0

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/qgZUTMW0pWR4Q

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  34e795488e0625e22a90142b9e49d6a38d565838e684aae5f021d9834869fa0c
- Size
  
  760KB
- MD5
  
  2acfb24bce33aa6883607663b474a729
- SHA1
  
  485470af5d62eb60ab18d46de02fe14d80469540
- SHA256
  
  34e795488e0625e22a90142b9e49d6a38d565838e684aae5f021d9834869fa0c
- SHA512
  
  efc5cfbea2f0770bf4e830d3e9666bdc53e00273b29461814b1c3313f88739da7c752a568483aa91cf4696fa86b3fac8216d97312d5b62abc7841bbbabde535c
- SSDEEP
  
  12288:6OY93/Bg9Ax082uS7Xut9T4WQ+ehFD22xR8HeRRF/f8TrWl3sQw0vmo:6O23/G9Ax0H+9T4TFD22xR8HeRRF/rc0
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- CustAttr .NET packer
  Detects CustAttr .NET packer in memory.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

CustAttr .NET packer

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2