lokibot

General

Target

TRANSFERENCIA RÁPIDA.exe
Size

516KB
Sample

230206-vllgxaac3y
MD5

38e7aacad8e6cd46fc2dddfa743b223f
SHA1

e1e48d6876856ddefb800d2d9f15efee5ed64ff6
SHA256

a2030b4cc31eeba0dec3265f4a30324f1825bd5c2fcff922836d7d4d8cfb085e
SHA512

48c2b0b8d2e54c27063e0fd68012fc2fe7fab2422ce85d7cd7876cfb0d872724a839f54a650749b999b55d74df73ff6a584adbee7de25499fa7410dc41f65a18
SSDEEP

12288:V6LPDcQVElDne7f4WYMTyPdLX2tuCAe/ZX55x8qdAZBWf5i7qAO4Nxbe+FiFF6:Vgc0y7MTyPdLX2tuCAe/ZXxL+rOkbe+s

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/ha7/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  TRANSFERENCIA RÁPIDA.exe
- Size
  
  516KB
- MD5
  
  38e7aacad8e6cd46fc2dddfa743b223f
- SHA1
  
  e1e48d6876856ddefb800d2d9f15efee5ed64ff6
- SHA256
  
  a2030b4cc31eeba0dec3265f4a30324f1825bd5c2fcff922836d7d4d8cfb085e
- SHA512
  
  48c2b0b8d2e54c27063e0fd68012fc2fe7fab2422ce85d7cd7876cfb0d872724a839f54a650749b999b55d74df73ff6a584adbee7de25499fa7410dc41f65a18
- SSDEEP
  
  12288:V6LPDcQVElDne7f4WYMTyPdLX2tuCAe/ZX55x8qdAZBWf5i7qAO4Nxbe+FiFF6:Vgc0y7MTyPdLX2tuCAe/ZXxL+rOkbe+s
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2