lokibot | 64b6a1d565c3f4cb1f8b019be43f1049f4d540e0d8d9eabd8cf586cb9ebbb650 | Triage

Sharing

General

Target

64b6a1d565c3f4cb1f8b019be43f1049f4d540e0d8d9eabd8cf586cb9ebbb650.exe
Size

566KB
Sample

240511-kf74lsbh42
MD5

7f300dc215515c22c0d79dafb84537d9
SHA1

70a2ff981229f244693245ad81284ae6fc2f872d
SHA256

64b6a1d565c3f4cb1f8b019be43f1049f4d540e0d8d9eabd8cf586cb9ebbb650
SHA512

5766eb94a6a72a25fe1f670cd3758b4d6586ee4a87089bb3c97dc584888315925df294e3fd480734eb61aa9e979ef928c4309cf350e7023dc329320da7daac97
SSDEEP

3072:e9rAUsz2Ptd2epEFbMkbNZG46Xz3kFE0bFd+m0de2fcRMBLEFx11Hiv2MN+arr8V:eauBjkbNNhNHG+96+XKK+96

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://tampabayllc.top/teamb/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  64b6a1d565c3f4cb1f8b019be43f1049f4d540e0d8d9eabd8cf586cb9ebbb650.exe
- Size
  
  566KB
- MD5
  
  7f300dc215515c22c0d79dafb84537d9
- SHA1
  
  70a2ff981229f244693245ad81284ae6fc2f872d
- SHA256
  
  64b6a1d565c3f4cb1f8b019be43f1049f4d540e0d8d9eabd8cf586cb9ebbb650
- SHA512
  
  5766eb94a6a72a25fe1f670cd3758b4d6586ee4a87089bb3c97dc584888315925df294e3fd480734eb61aa9e979ef928c4309cf350e7023dc329320da7daac97
- SSDEEP
  
  3072:e9rAUsz2Ptd2epEFbMkbNZG46Xz3kFE0bFd+m0de2fcRMBLEFx11Hiv2MN+arr8V:eauBjkbNNhNHG+96+XKK+96
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan