lokibot | 95b8e0bead7a576cc494ab4f34737a966d60abf551dae5e68c44a3be895c4913 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

95b8e0bead7a576cc494ab4f34737a966d60abf551dae5e68c44a3be895c4913
Size

994KB
Sample

230530-vckh9abb6t
MD5

f1e5a2bbd370d257c561ba6696165e5a
SHA1

763ddd437f8753b1e36dd7a0f3f9eadafdbbe52f
SHA256

95b8e0bead7a576cc494ab4f34737a966d60abf551dae5e68c44a3be895c4913
SHA512

0734e11f39619abb6fa2b71c75e52c3252abb2d594d8be50443a0aeb88cd2b0a0d6aaef35a04cc84f3a308fcae81bc730aa1bb2204efabd0d307c8e6a482540d
SSDEEP

24576:1geLaVUH999kDSMppARIWh5ECJhEW5fht4Y86o:S4BH9IgZ5fJOWR

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://161.35.102.56/~nikol/?p=74818831363

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  95b8e0bead7a576cc494ab4f34737a966d60abf551dae5e68c44a3be895c4913
- Size
  
  994KB
- MD5
  
  f1e5a2bbd370d257c561ba6696165e5a
- SHA1
  
  763ddd437f8753b1e36dd7a0f3f9eadafdbbe52f
- SHA256
  
  95b8e0bead7a576cc494ab4f34737a966d60abf551dae5e68c44a3be895c4913
- SHA512
  
  0734e11f39619abb6fa2b71c75e52c3252abb2d594d8be50443a0aeb88cd2b0a0d6aaef35a04cc84f3a308fcae81bc730aa1bb2204efabd0d307c8e6a482540d
- SSDEEP
  
  24576:1geLaVUH999kDSMppARIWh5ECJhEW5fht4Y86o:S4BH9IgZ5fJOWR
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan