lokibot | 5ee842917f1dd40b07e05e22fd23c051fb795422ab8bc70af4435128c73431dc | Triage

Sharing

General

Target

e9c8b2df79184fbe5b97854f53f28bdf_JaffaCakes118
Size

748KB
Sample

240409-mhsg2sga4w
MD5

e9c8b2df79184fbe5b97854f53f28bdf
SHA1

d3e25418978afb7fb3ca1daac5316f5d16838ad9
SHA256

5ee842917f1dd40b07e05e22fd23c051fb795422ab8bc70af4435128c73431dc
SHA512

bac0009f0923784b9ba2e8398657cae83bdb2cacc01cc4a23b7ffec71779eab0fdad20c69b64d29cfc349975279ef1b8acca9e1fe84c37470bae74362a13349c
SSDEEP

12288:BTb/HK7zqL2kvXH+Q6eQha/jpUCtMBmRI0za547RLMB48YAKORxml+rnmeV+9JNx:ce7XH+EOKdz/7RAfI

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd14/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  e9c8b2df79184fbe5b97854f53f28bdf_JaffaCakes118
- Size
  
  748KB
- MD5
  
  e9c8b2df79184fbe5b97854f53f28bdf
- SHA1
  
  d3e25418978afb7fb3ca1daac5316f5d16838ad9
- SHA256
  
  5ee842917f1dd40b07e05e22fd23c051fb795422ab8bc70af4435128c73431dc
- SHA512
  
  bac0009f0923784b9ba2e8398657cae83bdb2cacc01cc4a23b7ffec71779eab0fdad20c69b64d29cfc349975279ef1b8acca9e1fe84c37470bae74362a13349c
- SSDEEP
  
  12288:BTb/HK7zqL2kvXH+Q6eQha/jpUCtMBmRI0za547RLMB48YAKORxml+rnmeV+9JNx:ce7XH+EOKdz/7RAfI
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan