lokibot | 6deffbb2c41517cfcd64d62f5b4c159c5fb88b5157fa44877960c490ff23278b | Triage

Sharing

General

Target

6deffbb2c41517cfcd64d62f5b4c159c5fb88b5157fa44877960c490ff23278b
Size

751KB
Sample

230202-txja9ahf69
MD5

e380cc97a7f713e184f21bc979f921c7
SHA1

006f05a0dfc17123b4698e616e605fc3cbf91b7c
SHA256

6deffbb2c41517cfcd64d62f5b4c159c5fb88b5157fa44877960c490ff23278b
SHA512

9bf425a2ae29022a37949f57ffe38a393efb1073b1f27424ddebf5bbd35b79ceafd4451a54fa75430dc882502c8233d6ff70ae870880c279fe3fb83d6a84b4d8
SSDEEP

12288:H2iNZlSE+AJH6Eq9em8Y0hxyhcMOUBSew5gCX6Fy2Mxzo3pqG4yPa:H1dH+ABQgm8zxVzaZw6CX6F0xMpqG4yi

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/kelly/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  6deffbb2c41517cfcd64d62f5b4c159c5fb88b5157fa44877960c490ff23278b
- Size
  
  751KB
- MD5
  
  e380cc97a7f713e184f21bc979f921c7
- SHA1
  
  006f05a0dfc17123b4698e616e605fc3cbf91b7c
- SHA256
  
  6deffbb2c41517cfcd64d62f5b4c159c5fb88b5157fa44877960c490ff23278b
- SHA512
  
  9bf425a2ae29022a37949f57ffe38a393efb1073b1f27424ddebf5bbd35b79ceafd4451a54fa75430dc882502c8233d6ff70ae870880c279fe3fb83d6a84b4d8
- SSDEEP
  
  12288:H2iNZlSE+AJH6Eq9em8Y0hxyhcMOUBSew5gCX6Fy2Mxzo3pqG4yPa:H1dH+ABQgm8zxVzaZw6CX6F0xMpqG4yi
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan