lokibot

General

Target

BL.xls
Size

1.1MB
Sample

231114-k3rp5sag56
MD5

91222b1c4d13f8da0e1d03d2e50cbf73
SHA1

e72f9d439b15041a68ecebe1f9b471e08916b4f8
SHA256

298805a57b73da0f7a597a33d23a9b567ad577f3486903b2417abfdd45ab3196
SHA512

47e38c4d4419957fdba22f78cc0765ff6492b940d21dc460d3d8bf380d621608e8bd5fb4c464a2d1d2d4b21ffd065b9703be38226298f0b4cfa4755cba09c0f5
SSDEEP

24576:gBdw6/0ZyU3bVNw6/wZyc3bVrkATwx6ZxiJvWRT0lxO:b6/m93bV+6/CL3bVrLTrrAvWRTGE

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

https://sempersim.su/a14/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  BL.xls
- Size
  
  1.1MB
- MD5
  
  91222b1c4d13f8da0e1d03d2e50cbf73
- SHA1
  
  e72f9d439b15041a68ecebe1f9b471e08916b4f8
- SHA256
  
  298805a57b73da0f7a597a33d23a9b567ad577f3486903b2417abfdd45ab3196
- SHA512
  
  47e38c4d4419957fdba22f78cc0765ff6492b940d21dc460d3d8bf380d621608e8bd5fb4c464a2d1d2d4b21ffd065b9703be38226298f0b4cfa4755cba09c0f5
- SSDEEP
  
  24576:gBdw6/0ZyU3bVNw6/wZyc3bVrkATwx6ZxiJvWRT0lxO:b6/m93bV+6/CL3bVrLTrrAvWRTGE
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Downloads MZ/PE file
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

1

T1203

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Downloads MZ/PE file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2