lokibot | 01400634bbd5911a1b6852388d606faad53204fc1c815eb128aa17fb4eab7cee | Triage

Sharing

General

Target

01400634bbd5911a1b6852388d606faad53204fc1c815eb128aa17fb4eab7cee
Size

114KB
Sample

231011-k6bs4afc28
MD5

a67e17d2a8a472b156939f973df66a2e
SHA1

b54f3aafb43fda94733beda1a893099faaaa0384
SHA256

01400634bbd5911a1b6852388d606faad53204fc1c815eb128aa17fb4eab7cee
SHA512

04ddfa4deee45af44c64e65b8055c637b6582423ee59c794f5f2d35f7069e63f60188a17e637a124c3caf46d33a8b5450db80189f0f932339f98c535ae8e1d68
SSDEEP

3072:V++kKkcqR0gla7N0GiQo8/gn74NHRBdmc6G40Vl:VJkBcqRlSrHRBEcZVl

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://ugopounds.caesarsgroup.top/_errorpages/ugopounds/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Gizir San Tic A.Ş SİPARİŞ TALEPFiyat ve teslim talebi.xlsx.exe
- Size
  
  580KB
- MD5
  
  fcc77de74364440a6aec94c1d283ac40
- SHA1
  
  4abb3f76dddb852bd310b6b001a3e9ec8ebdd38d
- SHA256
  
  91bff23f123fb307a7baebb69281c6d17f65fc7d3c7891bbbe7df3b486e4d10c
- SHA512
  
  b52da479b002242d71974803e2e1647aa94eeac2f6b548692c25837a0e221b3ee87e032622582af7559d7dcb49660f66bca02f7a489de251687925e664326794
- SSDEEP
  
  3072:9z88Ptd2epEFbMkbNZG46Xz3kFE0bFd+m0de2fcRMBLEFx11Hiv2MN+NFh8jG7Q1:9z88BjkbNNhNHG+96+NFh8LKi
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan