lokibot | d08d1a989a97dae9bb1392e4d7024832cd78379a7528f31dfcb8fd48261ad5b5 | Triage

Sharing

General

Target

d08d1a989a97dae9bb1392e4d7024832cd78379a7528f31dfcb8fd48261ad5b5
Size

751KB
Sample

230203-fbybdsah83
MD5

790dbaf50a1f32404df6b8229ae649b8
SHA1

f4d953f7f908923ed9f19a1e48b78972abe6b11d
SHA256

d08d1a989a97dae9bb1392e4d7024832cd78379a7528f31dfcb8fd48261ad5b5
SHA512

cab09af97245235ca047e09126df9f062760e06b306789bc7409c348206287fcb7c5e5c3f6ec8f5a0cb5704b5c9e03a5bd4c2aa0bd73a52e544a6a68aa41d0b5
SSDEEP

12288:02iNZlSE+At6Fy2MxzrZ2A8saJwwW+CzX4cy6FRgMrRjfhl5q799f3pqG4yPa:01dH+At6F0xZ18sewwW3rlngMljfbE76

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.147/gk1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  d08d1a989a97dae9bb1392e4d7024832cd78379a7528f31dfcb8fd48261ad5b5
- Size
  
  751KB
- MD5
  
  790dbaf50a1f32404df6b8229ae649b8
- SHA1
  
  f4d953f7f908923ed9f19a1e48b78972abe6b11d
- SHA256
  
  d08d1a989a97dae9bb1392e4d7024832cd78379a7528f31dfcb8fd48261ad5b5
- SHA512
  
  cab09af97245235ca047e09126df9f062760e06b306789bc7409c348206287fcb7c5e5c3f6ec8f5a0cb5704b5c9e03a5bd4c2aa0bd73a52e544a6a68aa41d0b5
- SSDEEP
  
  12288:02iNZlSE+At6Fy2MxzrZ2A8saJwwW+CzX4cy6FRgMrRjfhl5q799f3pqG4yPa:01dH+At6F0xZ18sewwW3rlngMljfbE76
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan