lokibot | b3bb12ae88279341ff46626660249155b11effa41f3389ace07f4aa6f1045f8c | Triage

Sharing

General

Target

C4B632F0468DAE6A10B67D50A2F6E322.exe
Size

368KB
Sample

240422-dwbl1seh23
MD5

c4b632f0468dae6a10b67d50a2f6e322
SHA1

ca3a42cb757d86d86c2859b2a5d5250d857128c3
SHA256

b3bb12ae88279341ff46626660249155b11effa41f3389ace07f4aa6f1045f8c
SHA512

7113e3cd8e732dc89da73d81e186cc026364588a7abe36f65ba05a28fc2f56bce72083b0fcd692f0495e897feaafeffdb53d761727a0fd0288fe5cecb5451edf
SSDEEP

6144:k4651c9nt3FAIHysm374mPKHCZukBsbh3Wnb22X3ASFL5TrJ9D0+L8wu2+gI:RZ7F1y5hcW+sbxQeL5TrD0+L8wu2+9

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://91.92.253.228/tjmkdc/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  C4B632F0468DAE6A10B67D50A2F6E322.exe
- Size
  
  368KB
- MD5
  
  c4b632f0468dae6a10b67d50a2f6e322
- SHA1
  
  ca3a42cb757d86d86c2859b2a5d5250d857128c3
- SHA256
  
  b3bb12ae88279341ff46626660249155b11effa41f3389ace07f4aa6f1045f8c
- SHA512
  
  7113e3cd8e732dc89da73d81e186cc026364588a7abe36f65ba05a28fc2f56bce72083b0fcd692f0495e897feaafeffdb53d761727a0fd0288fe5cecb5451edf
- SSDEEP
  
  6144:k4651c9nt3FAIHysm374mPKHCZukBsbh3Wnb22X3ASFL5TrJ9D0+L8wu2+gI:RZ7F1y5hcW+sbxQeL5TrD0+L8wu2+9
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan