lokibot | b0e9ab8722211e906494335f94c75e0b7ab1bbd53b2b036e0b316daa11c0e7fd | Triage

Sharing

General

Target

c21f8d352d2afd341355721a5f12f288.exe
Size

1.3MB
Sample

230514-xzqd5afe6x
MD5

c21f8d352d2afd341355721a5f12f288
SHA1

39bcc6535cb57b87f1a6074408b1823b8cb5e698
SHA256

b0e9ab8722211e906494335f94c75e0b7ab1bbd53b2b036e0b316daa11c0e7fd
SHA512

e9afd875c1c7a2c58f082d9b05edbfdd32e703e4122ab5802a28c2b9426720e9dfaebedcaafe10e492f89b457a84ba602d9396cd9a130698dbab46c9aa83f263
SSDEEP

24576:eCtDtoThLb5+pUBYf1hHsg20qKTCDiFg9JlN6UICNpJ+4zcCDdqkTzhjuBz2Wc:B8jqQKTCuilYEzcCDdqkTzhjuBz

Score

10^/10

lokibot collection persistence spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://104.156.227.195/~blog/?p=4734961764423

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  c21f8d352d2afd341355721a5f12f288.exe
- Size
  
  1.3MB
- MD5
  
  c21f8d352d2afd341355721a5f12f288
- SHA1
  
  39bcc6535cb57b87f1a6074408b1823b8cb5e698
- SHA256
  
  b0e9ab8722211e906494335f94c75e0b7ab1bbd53b2b036e0b316daa11c0e7fd
- SHA512
  
  e9afd875c1c7a2c58f082d9b05edbfdd32e703e4122ab5802a28c2b9426720e9dfaebedcaafe10e492f89b457a84ba602d9396cd9a130698dbab46c9aa83f263
- SSDEEP
  
  24576:eCtDtoThLb5+pUBYf1hHsg20qKTCDiFg9JlN6UICNpJ+4zcCDdqkTzhjuBz2Wc:B8jqQKTCuilYEzcCDdqkTzhjuBz
Score

10^/10

lokibot collection persistence spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionpersistencespywarestealertrojan

behavioral2

lokibotcollectionpersistencespywarestealertrojan