lokibot

General

Target

254461b1d524f5118ad05bb214b890ae_JaffaCakes118
Size

1.2MB
Sample

240508-rr9vxagh21
MD5

254461b1d524f5118ad05bb214b890ae
SHA1

e1056860b8229960dfbac22a4c567c420ab8d2bb
SHA256

c25440d2f67845f42726240bfd41b388f53b070815a20837c7eb3d49f90d6c18
SHA512

66851fca4e5b9fd34463f193eafa713357b414d954458b1b6a282e66d8834ec72ad951041307b26075360cecec195d914e9524b1c5de1c1def9a7a3d05b50df6
SSDEEP

24576:KxX8Ma/RqrHQUe6XvNQj5XWnuJXxawdK:KxDvrH7e6Sdiw

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://abscete.info/hero/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  254461b1d524f5118ad05bb214b890ae_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  254461b1d524f5118ad05bb214b890ae
- SHA1
  
  e1056860b8229960dfbac22a4c567c420ab8d2bb
- SHA256
  
  c25440d2f67845f42726240bfd41b388f53b070815a20837c7eb3d49f90d6c18
- SHA512
  
  66851fca4e5b9fd34463f193eafa713357b414d954458b1b6a282e66d8834ec72ad951041307b26075360cecec195d914e9524b1c5de1c1def9a7a3d05b50df6
- SSDEEP
  
  24576:KxX8Ma/RqrHQUe6XvNQj5XWnuJXxawdK:KxDvrH7e6Sdiw
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Executes dropped EXE

Loads dropped DLL

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2