lokibot | ae4a3ef24f5482b9344969457ac89e08d2598a3721f1725325e86039758f91a2 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ae4a3ef24f5482b9344969457ac89e08d2598a3721f1725325e86039758f91a2
Size

1.2MB
Sample

230305-p7hegsge25
MD5

8679b819469d9556df85bb0c6b515919
SHA1

769b84bfb204d410452021bf7b174ce6c29a855a
SHA256

ae4a3ef24f5482b9344969457ac89e08d2598a3721f1725325e86039758f91a2
SHA512

9ee52f2b5df8c9afa3c202d2f9626190ff692d1d23ccc31948adc84cb98bce522defef866a81e1469c4199637addebe0310d71522d72518c5642e6bc828a5978
SSDEEP

12288:YsUkMw/MOEAlI3MzSSV93x521sNZldWtRhWWYFt+/RKjHef3DShfANQAID3f:h30YdSSnkQdkYWaVjHoSKNI

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://185.246.220.85/fresh/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  ae4a3ef24f5482b9344969457ac89e08d2598a3721f1725325e86039758f91a2
- Size
  
  1.2MB
- MD5
  
  8679b819469d9556df85bb0c6b515919
- SHA1
  
  769b84bfb204d410452021bf7b174ce6c29a855a
- SHA256
  
  ae4a3ef24f5482b9344969457ac89e08d2598a3721f1725325e86039758f91a2
- SHA512
  
  9ee52f2b5df8c9afa3c202d2f9626190ff692d1d23ccc31948adc84cb98bce522defef866a81e1469c4199637addebe0310d71522d72518c5642e6bc828a5978
- SSDEEP
  
  12288:YsUkMw/MOEAlI3MzSSV93x521sNZldWtRhWWYFt+/RKjHef3DShfANQAID3f:h30YdSSnkQdkYWaVjHoSKNI
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan