lokibot

General

Target

5d898832ef4c190d301d67b8f2534213a65633426edbff513b28cbd09df235b3.exe
Size

990KB
Sample

240502-bwxhdafc78
MD5

c45be3cda7b3a08691d1b0ec9b2f9d9d
SHA1

68c3fae9d29936c326c5ad88b3b7091af3f8f450
SHA256

5d898832ef4c190d301d67b8f2534213a65633426edbff513b28cbd09df235b3
SHA512

d58e35e5487c34d80ea53b9db642137831f412d51dfb772d39d5324940d5216730feaf6f1203fafb6f17b6fca153739a6c987cd2437a8519e43e32ff7b07b0d5
SSDEEP

12288:bjU00pFjzc/AKn4lvHMYLX5kcqoaw297Vinu3neuNtG9ipyjSRIPMbP:z0s3ncLkBo297gu3euveszbP

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://ebnsina.top/evie1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  5d898832ef4c190d301d67b8f2534213a65633426edbff513b28cbd09df235b3.exe
- Size
  
  990KB
- MD5
  
  c45be3cda7b3a08691d1b0ec9b2f9d9d
- SHA1
  
  68c3fae9d29936c326c5ad88b3b7091af3f8f450
- SHA256
  
  5d898832ef4c190d301d67b8f2534213a65633426edbff513b28cbd09df235b3
- SHA512
  
  d58e35e5487c34d80ea53b9db642137831f412d51dfb772d39d5324940d5216730feaf6f1203fafb6f17b6fca153739a6c987cd2437a8519e43e32ff7b07b0d5
- SSDEEP
  
  12288:bjU00pFjzc/AKn4lvHMYLX5kcqoaw297Vinu3neuNtG9ipyjSRIPMbP:z0s3ncLkBo297gu3euveszbP
Score

10^/10

lokibot spyware stealer trojan collection
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables containing common artifacts observed in infostealers

Detects executables referencing many file transfer clients. Observed in information stealers

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2