lokibot

General

Target

7325e63707cc4aad1cbded752e2ab79caf3c2886c79d53a78bd1a0c5c212f9a3.exe
Size

707KB
Sample

240502-b1brgafd98
MD5

8263d738da041012ef25c65cb3a71dd1
SHA1

ee6b41ac18825ed6110da63b94da7da66cde9a7c
SHA256

7325e63707cc4aad1cbded752e2ab79caf3c2886c79d53a78bd1a0c5c212f9a3
SHA512

4cb80a7bfefe85f2d6b0cc4947df730930405e33679264b0f9d4fc5316b31fcc948eae5cab14646ebb375e721e068b3526b7b699f4366d15b4ed8d3e29c1699f
SSDEEP

12288:FZ9pzkLXw40CVCZQOB3pOZIqswLpuJRrWaQkIDKiU:FZ9pzUXL0MkPBZ53wLpUhji

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://ebnsina.top/evie1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  7325e63707cc4aad1cbded752e2ab79caf3c2886c79d53a78bd1a0c5c212f9a3.exe
- Size
  
  707KB
- MD5
  
  8263d738da041012ef25c65cb3a71dd1
- SHA1
  
  ee6b41ac18825ed6110da63b94da7da66cde9a7c
- SHA256
  
  7325e63707cc4aad1cbded752e2ab79caf3c2886c79d53a78bd1a0c5c212f9a3
- SHA512
  
  4cb80a7bfefe85f2d6b0cc4947df730930405e33679264b0f9d4fc5316b31fcc948eae5cab14646ebb375e721e068b3526b7b699f4366d15b4ed8d3e29c1699f
- SSDEEP
  
  12288:FZ9pzkLXw40CVCZQOB3pOZIqswLpuJRrWaQkIDKiU:FZ9pzUXL0MkPBZ53wLpUhji
Score

10^/10

lokibot spyware stealer trojan collection
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables containing common artifacts observed in infostealers

Detects executables referencing many file transfer clients. Observed in information stealers

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2