lokibot | 043a034fc7bc6d03018a97823745a0898307d951a08e94c171778569db5b2be2 | Triage

Sharing

General

Target

MV TRANS-ASIA.xls
Size

683KB
Sample

230206-k97d6sda92
MD5

a009e0ab7c991a2f728da763d6c2a57e
SHA1

823ae45d1b02b640168a7eb85dfbd59910d6cd34
SHA256

043a034fc7bc6d03018a97823745a0898307d951a08e94c171778569db5b2be2
SHA512

d86f42d308c6ec717d3af12ee7b371b89037b116172025f800c08f38d7d75dbc6d2aae0fa1f9055341def5044ee4fb86ce3316f23ac5f2e58847984bdf29c984
SSDEEP

6144:W0rC6zzXaMANkizCBDEk2sG3figF8ESbuQD9cnLST5TI0rC6zzXaMANkizCBDEkV:39L5Tw925Tivp46gacgir

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://171.22.30.164/mous/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  MV TRANS-ASIA.xls
- Size
  
  683KB
- MD5
  
  a009e0ab7c991a2f728da763d6c2a57e
- SHA1
  
  823ae45d1b02b640168a7eb85dfbd59910d6cd34
- SHA256
  
  043a034fc7bc6d03018a97823745a0898307d951a08e94c171778569db5b2be2
- SHA512
  
  d86f42d308c6ec717d3af12ee7b371b89037b116172025f800c08f38d7d75dbc6d2aae0fa1f9055341def5044ee4fb86ce3316f23ac5f2e58847984bdf29c984
- SSDEEP
  
  6144:W0rC6zzXaMANkizCBDEk2sG3figF8ESbuQD9cnLST5TI0rC6zzXaMANkizCBDEkV:39L5Tw925Tivp46gacgir
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Exploitation for Client Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Scripting

Credential Access

Credentials in Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2