lokibot | 69ba0f9d9e95b11ae7b24c11e1ad0324052213c795edb08408fe8bfdf93eeffa | Triage

Submit
Reports

Overview

overview

Static

static

1

192082743e...18.msi

windows7-x64

192082743e...18.msi

windows10-2004-x64

Sharing

General

Target

192082743e48b6d1a9ab6041ee7d666d_JaffaCakes118
Size

452KB
Sample

240505-y36e7ach2y
MD5

192082743e48b6d1a9ab6041ee7d666d
SHA1

e5e2365e03aadd05d31b1d2f5a3b65bf7e012ff9
SHA256

69ba0f9d9e95b11ae7b24c11e1ad0324052213c795edb08408fe8bfdf93eeffa
SHA512

972847060ee91cbcdfe8575ab441e8f45f71c4e8cd712e129216637cd477a0faf33a994a576a0d52ade88f00d465bdfb3289112f09eedd4a2d89a5861b75e756
SSDEEP

6144:DECDbK9rvuI896b/7Ok8sYfyMXDLb+UqCcB49EUnq7HQYfPgGKF0KhvO1mDNMFUr:DEWC89gYfleHtEOgDNMFUph

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

192082743e48b6d1a9ab6041ee7d666d_JaffaCakes118.msi

Resource

win7-20240221-en

lokibot collection spyware stealer trojan

windows7-x64

18 signatures

150 seconds

Behavioral task

behavioral2

Sample

192082743e48b6d1a9ab6041ee7d666d_JaffaCakes118.msi

Resource

win10v2004-20240419-en

lokibot collection spyware stealer trojan

windows10-2004-x64

17 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://31.220.2.200/~wedcrest/admin/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  192082743e48b6d1a9ab6041ee7d666d_JaffaCakes118
- Size
  
  452KB
- MD5
  
  192082743e48b6d1a9ab6041ee7d666d
- SHA1
  
  e5e2365e03aadd05d31b1d2f5a3b65bf7e012ff9
- SHA256
  
  69ba0f9d9e95b11ae7b24c11e1ad0324052213c795edb08408fe8bfdf93eeffa
- SHA512
  
  972847060ee91cbcdfe8575ab441e8f45f71c4e8cd712e129216637cd477a0faf33a994a576a0d52ade88f00d465bdfb3289112f09eedd4a2d89a5861b75e756
- SSDEEP
  
  6144:DECDbK9rvuI896b/7Ok8sYfyMXDLb+UqCcB49EUnq7HQYfPgGKF0KhvO1mDNMFUr:DEWC89gYfleHtEOgDNMFUph
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy