lokibot | e28acc7854e14ca67082eef530bb7fbc295dc03836fff2398aa5531997fdadcd | Triage

Sharing

General

Target

0c5ce8ee57e868e3ec0f26d9b7f602c3_JaffaCakes118
Size

694KB
Sample

240501-vqak7sbh3s
MD5

0c5ce8ee57e868e3ec0f26d9b7f602c3
SHA1

c9390b5c9624dc688ef142efc7451fc49e77924c
SHA256

e28acc7854e14ca67082eef530bb7fbc295dc03836fff2398aa5531997fdadcd
SHA512

c2924061b800049c8df23a77d7c0859beafe449fd61ed819cf7972f68a38859c8b3000155776d99b11fd294b2424f152bd108727b23bcfe767c0e7a3c7c0a46b
SSDEEP

12288:kRjMXTOAdvQT3G7AcHR5EgAwNIiR18f7Yv5FwvthU/r3YTBokk/zfd+gBN:MMXTOAdveAIOqiR14Ev5FwvHUz+BoJB3

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://lodestarlegal.com.au/classes/components/Form/locale/fr/LC/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  0c5ce8ee57e868e3ec0f26d9b7f602c3_JaffaCakes118
- Size
  
  694KB
- MD5
  
  0c5ce8ee57e868e3ec0f26d9b7f602c3
- SHA1
  
  c9390b5c9624dc688ef142efc7451fc49e77924c
- SHA256
  
  e28acc7854e14ca67082eef530bb7fbc295dc03836fff2398aa5531997fdadcd
- SHA512
  
  c2924061b800049c8df23a77d7c0859beafe449fd61ed819cf7972f68a38859c8b3000155776d99b11fd294b2424f152bd108727b23bcfe767c0e7a3c7c0a46b
- SSDEEP
  
  12288:kRjMXTOAdvQT3G7AcHR5EgAwNIiR18f7Yv5FwvthU/r3YTBokk/zfd+gBN:MMXTOAdveAIOqiR14Ev5FwvHUz+BoJB3
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan