lokibot

General

Target

Swift_Inv23-SJ017_Trial_19052023.zip
Size

478KB
Sample

230605-tmc2gsaa81
MD5

8a38c2346f0e0d16cab22aff33ce4c48
SHA1

79b6f9cc83367ad1e37cd2e3e2d4744d563036c0
SHA256

437f6db5aa3eb993ca403b2b9dc991d9416c4b45fa378a377d349020fd6852e1
SHA512

a9f29afc2124d59476923ed64f9ffd544efaafad03fdb292fb2465cd57cc8618f7adb4c939876b3003fcd064d5a35fa19039704800fcca17848beb4b68b83e78
SSDEEP

12288:BLl4wjrZgO7JCzRJKpV/AXVEbsjA5ML/Mzp5M9BM9:Bewj9JCzXyV/AXVD/M1y9B8

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://185.246.220.85/project/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Swift_Inv23-SJ017_Trial_19052023.exe
- Size
  
  624KB
- MD5
  
  461435a0209320befa140d18ed5db575
- SHA1
  
  d858aa46e07657eb836cb554d86710a5ca6d4cc1
- SHA256
  
  e523dd1e51303c2be9fe5cccef1960524a5b6de9bb2aeab9e4e4cfc94c86db32
- SHA512
  
  1bfbede6ae8f178a60b46c1f9a01025b0e9f100b01a17fc67bffd10992d1c85af58e0a32df00052a6c3acab4019045fae0b9ec9226f756ebbeb30d0c5c175a80
- SSDEEP
  
  12288:PvV+s1bSQT6tjjdB40qlhueo7lCDRLKRQksHjVRJEaLx6sohHZBgqWwzAi:PtpDuewlCDlwzIjJEkxHc5J
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2