lokibot | a2056936a425c6200073f50be492ae4e09a891c99db0df2ab952d3b04607b131 | Triage

Sharing

General

Target

2b240562bcf345533c6f0ee578787499_JaffaCakes118
Size

236KB
Sample

240509-wcj36ahe84
MD5

2b240562bcf345533c6f0ee578787499
SHA1

9453160cc84b29beabfb68c28dff8e4349cd5cb4
SHA256

a2056936a425c6200073f50be492ae4e09a891c99db0df2ab952d3b04607b131
SHA512

2117a7126cb34813660f247035248d627cc674747bd586a6b3a6dddd4775c0eb7c725215da90b1cc2df68cd26fde77034dc5310fa604df9e90cf9ab2c7fb2c29
SSDEEP

3072:c7rM2aT8MxJ2m/8+y7K5oTcbWZzcKzs+jA3wsESZkPCEyLUWCI4IfcbjUz9AJlox:c7r2wO3/D5TW5u+jA3OskzOCiEnUz2

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://kaokao-twn.com/exploitedreal/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  2b240562bcf345533c6f0ee578787499_JaffaCakes118
- Size
  
  236KB
- MD5
  
  2b240562bcf345533c6f0ee578787499
- SHA1
  
  9453160cc84b29beabfb68c28dff8e4349cd5cb4
- SHA256
  
  a2056936a425c6200073f50be492ae4e09a891c99db0df2ab952d3b04607b131
- SHA512
  
  2117a7126cb34813660f247035248d627cc674747bd586a6b3a6dddd4775c0eb7c725215da90b1cc2df68cd26fde77034dc5310fa604df9e90cf9ab2c7fb2c29
- SSDEEP
  
  3072:c7rM2aT8MxJ2m/8+y7K5oTcbWZzcKzs+jA3wsESZkPCEyLUWCI4IfcbjUz9AJlox:c7r2wO3/D5TW5u+jA3OskzOCiEnUz2
Score

10^/10

lokibot spyware stealer trojan collection
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan