lokibot | 76ae0354e5a2b078e21537bd939314116d7904b820af132c877c72354fccea9d | Triage

Sharing

General

Target

76ae0354e5a2b078e21537bd939314116d7904b820af132c877c72354fccea9d
Size

832KB
Sample

230208-xtbzjsdh71
MD5

f39a3b0c3ab67647abb51458a6a8608c
SHA1

cc6e1f8bfbac625ebc05437e4010c3f3596d7eb2
SHA256

76ae0354e5a2b078e21537bd939314116d7904b820af132c877c72354fccea9d
SHA512

3a7cc9ae2a63db46250e1f2a8275ce83ed4060f114e0408176602c2c74c4e85627cca9b60462f5537db63882c4dc07d17774280990fa1497058be1a04dfc8375
SSDEEP

12288:KiWlV/Dfrps1P4M/Qe0iIhBZfZywqRaIwFkLIZwzAbWlV/:QlpDTpQwMYefRyFI/kqlp

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://208.67.105.148/china/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  76ae0354e5a2b078e21537bd939314116d7904b820af132c877c72354fccea9d
- Size
  
  832KB
- MD5
  
  f39a3b0c3ab67647abb51458a6a8608c
- SHA1
  
  cc6e1f8bfbac625ebc05437e4010c3f3596d7eb2
- SHA256
  
  76ae0354e5a2b078e21537bd939314116d7904b820af132c877c72354fccea9d
- SHA512
  
  3a7cc9ae2a63db46250e1f2a8275ce83ed4060f114e0408176602c2c74c4e85627cca9b60462f5537db63882c4dc07d17774280990fa1497058be1a04dfc8375
- SSDEEP
  
  12288:KiWlV/Dfrps1P4M/Qe0iIhBZfZywqRaIwFkLIZwzAbWlV/:QlpDTpQwMYefRyFI/kqlp
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan