lokibot

General

Target

tmp
Size

257KB
Sample

230822-mnm5hsdc3v
MD5

22bc409a1262d97b5f1cb8e85bccd6a8
SHA1

74cd5bf15abfb69eb4f823107726841866e581d1
SHA256

41806b559cc3d4245a5e2caac6f1fcc88684f6a4efe33c0d7665e137f2864c96
SHA512

b216041c2350537bd7f4640fd2e7898e05a750dc29f9fd8962db68c6c58e9c5a237b2b82303f6b18fb1da4b87ffc54788c4731f6729392618931efb1827982a5
SSDEEP

3072:ggfE2iXsetoLlYt5lVNCsyvitbFIgtQW8zOMmYqI4EmirgWSw0U175D0Ri:p8shly5lVMPvitb+W8zOMR0S6iVD

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://194.55.224.9/fresh1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  tmp
- Size
  
  257KB
- MD5
  
  22bc409a1262d97b5f1cb8e85bccd6a8
- SHA1
  
  74cd5bf15abfb69eb4f823107726841866e581d1
- SHA256
  
  41806b559cc3d4245a5e2caac6f1fcc88684f6a4efe33c0d7665e137f2864c96
- SHA512
  
  b216041c2350537bd7f4640fd2e7898e05a750dc29f9fd8962db68c6c58e9c5a237b2b82303f6b18fb1da4b87ffc54788c4731f6729392618931efb1827982a5
- SSDEEP
  
  3072:ggfE2iXsetoLlYt5lVNCsyvitbFIgtQW8zOMmYqI4EmirgWSw0U175D0Ri:p8shly5lVMPvitb+W8zOMR0S6iVD
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2