lokibot | f69212a052709f85fb156064e704bdbe643ab0d8dfeb39d2b64494817859bbcd | Triage

Sharing

General

Target

33fdb710c091ddb7439d8b7177303a84_JaffaCakes118
Size

740KB
Sample

240511-lwzb3sed97
MD5

33fdb710c091ddb7439d8b7177303a84
SHA1

73fc5176e6d5ac34bf46a27e6477d98596ede130
SHA256

f69212a052709f85fb156064e704bdbe643ab0d8dfeb39d2b64494817859bbcd
SHA512

cbbe5f53677cc9a74ea0ca6f1942d77677a505160ad327ea4411ec7296ca464c74a8a1eb64e662d4df6618b71e26fc380a25a71ca5d355aeb1585715cf25c577
SSDEEP

12288:i5KyR2lKkkbTphYvT87rsxWxDF6GL1EwbhtxddCda6s:iHOJsbYvAkIDF6W1THzSs

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://tpended.xyz/damp/pave/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  33fdb710c091ddb7439d8b7177303a84_JaffaCakes118
- Size
  
  740KB
- MD5
  
  33fdb710c091ddb7439d8b7177303a84
- SHA1
  
  73fc5176e6d5ac34bf46a27e6477d98596ede130
- SHA256
  
  f69212a052709f85fb156064e704bdbe643ab0d8dfeb39d2b64494817859bbcd
- SHA512
  
  cbbe5f53677cc9a74ea0ca6f1942d77677a505160ad327ea4411ec7296ca464c74a8a1eb64e662d4df6618b71e26fc380a25a71ca5d355aeb1585715cf25c577
- SSDEEP
  
  12288:i5KyR2lKkkbTphYvT87rsxWxDF6GL1EwbhtxddCda6s:iHOJsbYvAkIDF6W1THzSs
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan