lokibot

General

Target

a4da7bf70173e249f33d366d3ea3b39b25e1d25bb09d21b8ac5e1f4ef1aa8a0e
Size

534KB
Sample

240417-qm3qcsag8x
MD5

f0148b006614301ca6a4ee9866eaf53b
SHA1

42171284da0b772b0909507c46f5dadc4b300d23
SHA256

a4da7bf70173e249f33d366d3ea3b39b25e1d25bb09d21b8ac5e1f4ef1aa8a0e
SHA512

cc3dbd41f042411299b865dc6153cb9b21e4398a4bb9aa5f53f8d066d42483898fc5a3811668a93348a3e866aff66db1e7db7b33f021659f501bf50693a3bff1
SSDEEP

12288:MZrNJQ/OC4Na38lsymu+Kczw5fr08Xj++zJz4ZtgaPrLGmriilD/9ZwI:MZr0/OG3lyvr1ZTAZ6aeyt/9ZJ

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/c19/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  e20cf5c319fe815eb1845556289e56f8c3241019a907adb6f4a33e8dc9ecab59.exe
- Size
  
  559KB
- MD5
  
  f13f9ca5ede930df8310e504372ca4e5
- SHA1
  
  bd28bfbb2472cd7f66be9cfcc11b77c17d08cec7
- SHA256
  
  e20cf5c319fe815eb1845556289e56f8c3241019a907adb6f4a33e8dc9ecab59
- SHA512
  
  ffe9fc1378bd084fa785c2d9361c32dcc740355d208b425647b3a0e5b02f8040154e60595e62c8100728ed4ded99c1d9ce3c69de3a8ce4226d50be0c5955850a
- SSDEEP
  
  12288:CsHzOUNUSB/o5LsI1uwajJ5yvv1l2ihNYL+58d2:ViUmSB/o5d1ubcvvu+502
Score

10^/10

lokibot collection spyware stealer trojan upx
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

UPX packed file

Accesses Microsoft Outlook profiles

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2