lokibot

General

Target

64b6a1d565c3f4cb1f8b019be43f1049f4d540e0d8d9eabd8cf586cb9ebbb650.exe
Size

566KB
Sample

240511-bt3xdadd6t
MD5

7f300dc215515c22c0d79dafb84537d9
SHA1

70a2ff981229f244693245ad81284ae6fc2f872d
SHA256

64b6a1d565c3f4cb1f8b019be43f1049f4d540e0d8d9eabd8cf586cb9ebbb650
SHA512

5766eb94a6a72a25fe1f670cd3758b4d6586ee4a87089bb3c97dc584888315925df294e3fd480734eb61aa9e979ef928c4309cf350e7023dc329320da7daac97
SSDEEP

3072:e9rAUsz2Ptd2epEFbMkbNZG46Xz3kFE0bFd+m0de2fcRMBLEFx11Hiv2MN+arr8V:eauBjkbNNhNHG+96+XKK+96

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://tampabayllc.top/teamb/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  64b6a1d565c3f4cb1f8b019be43f1049f4d540e0d8d9eabd8cf586cb9ebbb650.exe
- Size
  
  566KB
- MD5
  
  7f300dc215515c22c0d79dafb84537d9
- SHA1
  
  70a2ff981229f244693245ad81284ae6fc2f872d
- SHA256
  
  64b6a1d565c3f4cb1f8b019be43f1049f4d540e0d8d9eabd8cf586cb9ebbb650
- SHA512
  
  5766eb94a6a72a25fe1f670cd3758b4d6586ee4a87089bb3c97dc584888315925df294e3fd480734eb61aa9e979ef928c4309cf350e7023dc329320da7daac97
- SSDEEP
  
  3072:e9rAUsz2Ptd2epEFbMkbNZG46Xz3kFE0bFd+m0de2fcRMBLEFx11Hiv2MN+arr8V:eauBjkbNNhNHG+96+XKK+96
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables containing common artifacts observed in infostealers

Detects executables referencing many file transfer clients. Observed in information stealers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2