lokibot | 56ac999ebad4d5b8ecad0c68ab8fa75b8394a57304c40075ccf2688cedb3a258 | Triage

Sharing

General

Target

373a41e3d93076ce2545be944c84d75d_JaffaCakes118
Size

146KB
Sample

240512-aak2safa31
MD5

373a41e3d93076ce2545be944c84d75d
SHA1

7703fe9cd2a5e97478bca5fa477b0df6f0964b17
SHA256

56ac999ebad4d5b8ecad0c68ab8fa75b8394a57304c40075ccf2688cedb3a258
SHA512

07f55b93ebc1d17dae096f8b0462bae98c46c02e067c2123dce52da3e70ed7fc62a6623ed36d0b060b95a15c2da66fc366a7310a07798c2df1ff6447a1587978
SSDEEP

3072:YPJJFDF7qNqlk3a6ag6TJzi5clLCPTav93nVk1L6NMFGYIkvPSqHbw3Rl:svQr3ojTJzi5YNVs6NMFTv6qHil

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://www.jackpotplc.net/motivate/minds/more/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Statement_31_01_2019_106068.pdf.exe
- Size
  
  452KB
- MD5
  
  2ca87e7580e1cd813e6da33803572e49
- SHA1
  
  9746252f6f33e26badcaffaa0d2b60bc2c75fdad
- SHA256
  
  c038efe46f382f2072ac571e511a10a17dd18656dcc92c9bd4e63f75f8b60ed0
- SHA512
  
  4efbea2393de5b3a64c66b999032fa32f293bc8d80f0cc2fe4d377b6c84fb9774aaee847254d778623b49866ded55ae4ff6359f2835dd9ca30096955a40f3ae6
- SSDEEP
  
  6144:EGafnavbICNyMoIy9fK5S8k7LA3jwb6LLc:EGafnavbICNyMoIy9SQj7LojwuL
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan