lokibot | 0da91175e7d72a7ff2bcb3fd93f2ba7bbe4045f9c4dee5c9685c7fdf6da622a6 | Triage

Sharing

General

Target

suspect_file_1
Size

1.2MB
Sample

230328-mm661acb8t
MD5

66f33597cbf097345c51891ab951b641
SHA1

70ad543faecb496ca4c2318e0c8f81a8cbb8fb62
SHA256

0da91175e7d72a7ff2bcb3fd93f2ba7bbe4045f9c4dee5c9685c7fdf6da622a6
SHA512

d9d4f057dc3c09e1ba42c08ee204e86b569233378d2367a6d6cc67c67b5e2ef87c2b4b9387036bd76f6c06d085079b1f095399465d9e9278d8cd1569b0e02839
SSDEEP

24576:Pu6J33O0c+JY5UZ+XC0kGso6FaODoki222F0Eci4GIxmWY:5u0c++OCvkGs9FaOHN22F9QY

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://naourl.com/data/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  suspect_file_1
- Size
  
  1.2MB
- MD5
  
  66f33597cbf097345c51891ab951b641
- SHA1
  
  70ad543faecb496ca4c2318e0c8f81a8cbb8fb62
- SHA256
  
  0da91175e7d72a7ff2bcb3fd93f2ba7bbe4045f9c4dee5c9685c7fdf6da622a6
- SHA512
  
  d9d4f057dc3c09e1ba42c08ee204e86b569233378d2367a6d6cc67c67b5e2ef87c2b4b9387036bd76f6c06d085079b1f095399465d9e9278d8cd1569b0e02839
- SSDEEP
  
  24576:Pu6J33O0c+JY5UZ+XC0kGso6FaODoki222F0Eci4GIxmWY:5u0c++OCvkGs9FaOHN22F9QY
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan