lokibot | 27aa317bbacc8085ade8537ef529b80bcddc8046e84e1b33a90371f466ab4c64 | Triage

Sharing

General

Target

4b64cae8018cc026f20cabbb508b3610e735b862.rar.tar.gz
Size

648KB
Sample

240419-rldkhsed93
MD5

6b65c9d80703be2dfc1fa06f926dd3c6
SHA1

8b7a178cc6bff6bf228d0a18e3582105f91ffe61
SHA256

27aa317bbacc8085ade8537ef529b80bcddc8046e84e1b33a90371f466ab4c64
SHA512

f7d9329a01f1dc05ae5fb8dda3806796aff8fc3a9fee145af6606c20c97b308dbd6ede5f4bc3c0d0f884c2a698e165468ce8683e91683bf68c183379ebf13766
SSDEEP

12288:6PLWASPDDFienLDJsUyjCtcpA/22PrZnr/SEq3O73lGdslkLWpmA2w:wWAiDDfHJsMBhS53wUmkLWR

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://spencerstuartllc.top/document/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  specification T1O119H_Rev.scr
- Size
  
  869KB
- MD5
  
  512f5096a3736ef6b2ff63c940bf138e
- SHA1
  
  e9308be425a6f5c029d53a7fe30138985df50c4d
- SHA256
  
  5fbbba408dde7a9604d01e8d58fda635c12c00e125dd33c02222d41403a66d3f
- SHA512
  
  716771edbcea28276106658581e40f5a4ba3511031f7bde9b23bddb723a147a689c181a281167ff6a69d42170b880673e2a407593e0062398932a1e12afb12be
- SSDEEP
  
  12288:U9L6LYZ3lyUWHgKpmO+esiobYRLpeSm9DjiZjxs05xzkR:+uLYZ3lyUWHgKIO+msSIQ6+xm
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan