lokibot | eee5109b395394fb7899319c800346434515c733d75664882bfd76156c38c2af | Triage

Sharing

General

Target

eee5109b395394fb7899319c800346434515c733d75664882bfd76156c38c2af
Size

199KB
Sample

230207-kbypdadf4t
MD5

ecd901a84b82d00a82d45b4d0123352c
SHA1

d8780c1bfa80cd77eee71e8d3bd58699cc3f114b
SHA256

eee5109b395394fb7899319c800346434515c733d75664882bfd76156c38c2af
SHA512

058658693bbc1e27a4feb2760112d8b7ead2e2b305b210fa3f53fcfdbd356c60aa2484264c89e634d521aa8e993054434efa6996992f5ce463e2d796b0d77518
SSDEEP

6144:/Ya6c/gRLtu+LizVGXUl45puYIlS7HpQd8l:/Y6IRLtu+LCc5HIc9Qil

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/ha1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  eee5109b395394fb7899319c800346434515c733d75664882bfd76156c38c2af
- Size
  
  199KB
- MD5
  
  ecd901a84b82d00a82d45b4d0123352c
- SHA1
  
  d8780c1bfa80cd77eee71e8d3bd58699cc3f114b
- SHA256
  
  eee5109b395394fb7899319c800346434515c733d75664882bfd76156c38c2af
- SHA512
  
  058658693bbc1e27a4feb2760112d8b7ead2e2b305b210fa3f53fcfdbd356c60aa2484264c89e634d521aa8e993054434efa6996992f5ce463e2d796b0d77518
- SSDEEP
  
  6144:/Ya6c/gRLtu+LizVGXUl45puYIlS7HpQd8l:/Y6IRLtu+LCc5HIc9Qil
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan