lokibot

General

Target

3c3cedc000a25a9478e78e2a90b3310afec83616d36f9353be0721dd2aa052f8.exe
Size

990KB
Sample

240511-bnbwpsch4w
MD5

53a01fab9569531fc1003d2c311c3be5
SHA1

2a06e0d33e8eeb5de3f2871966fd79d881291edf
SHA256

3c3cedc000a25a9478e78e2a90b3310afec83616d36f9353be0721dd2aa052f8
SHA512

6f1b53eed342ff6855f4f9f2aa32fdf8d7fb00aaff5f11eab945fb8132b246e22e341eb659ff5442fddcdfcfd50d80ca6f6b8096519ceb97b378b1b7d5e9494b
SSDEEP

24576:rxlH0Rs/lye+jfbqgevz5thlMRNuPraFOPSKa0:dlH0Rs/z+7bqllthlMRNuPraFOPSK

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://195.123.211.210/evie1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  3c3cedc000a25a9478e78e2a90b3310afec83616d36f9353be0721dd2aa052f8.exe
- Size
  
  990KB
- MD5
  
  53a01fab9569531fc1003d2c311c3be5
- SHA1
  
  2a06e0d33e8eeb5de3f2871966fd79d881291edf
- SHA256
  
  3c3cedc000a25a9478e78e2a90b3310afec83616d36f9353be0721dd2aa052f8
- SHA512
  
  6f1b53eed342ff6855f4f9f2aa32fdf8d7fb00aaff5f11eab945fb8132b246e22e341eb659ff5442fddcdfcfd50d80ca6f6b8096519ceb97b378b1b7d5e9494b
- SSDEEP
  
  24576:rxlH0Rs/lye+jfbqgevz5thlMRNuPraFOPSKa0:dlH0Rs/z+7bqllthlMRNuPraFOPSK
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables containing common artifacts observed in infostealers

Detects executables referencing many file transfer clients. Observed in information stealers

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2