lokibot

General

Target

DHL Express Receipt_pdf.exe
Size

509KB
Sample

230502-hzlnlsbh2z
MD5

0ba192257e5e8cc03aa4a32e94662d3c
SHA1

47aa5ded3911bf5dcf92853371729f23c43976f6
SHA256

d45f5ad41b7903babda50ffd7511660f1a092699c0ec56ca0dc347fccfe0f208
SHA512

390b176c49e6a5e2bd79ee945a8f6bf0db353b1a3af3ba9cf635db77dbe3909661f78690cb8286bbba011399d2fecbb280dbaeabda8e2e7caf8d07bfb31d4ba7
SSDEEP

6144:C445KrJ92bYUWcMZTPD57MgeEYjuY/jP5lBlP+D+Kgp0PySHCcA4+2CIntAz/CUy:9tdVcK5JijPplM+d+PgcA4+2C8

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://104.156.227.195/~blog/?p=369572314317708

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  DHL Express Receipt_pdf.exe
- Size
  
  509KB
- MD5
  
  0ba192257e5e8cc03aa4a32e94662d3c
- SHA1
  
  47aa5ded3911bf5dcf92853371729f23c43976f6
- SHA256
  
  d45f5ad41b7903babda50ffd7511660f1a092699c0ec56ca0dc347fccfe0f208
- SHA512
  
  390b176c49e6a5e2bd79ee945a8f6bf0db353b1a3af3ba9cf635db77dbe3909661f78690cb8286bbba011399d2fecbb280dbaeabda8e2e7caf8d07bfb31d4ba7
- SSDEEP
  
  6144:C445KrJ92bYUWcMZTPD57MgeEYjuY/jP5lBlP+D+Kgp0PySHCcA4+2CIntAz/CUy:9tdVcK5JijPplM+d+PgcA4+2C8
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2