lokibot

Sharing

Copy URL

Twitter E-mail

General

Target

426864ffdb0235ccdc5d7e2a61017487_JaffaCakes118
Size

276KB
Sample

240514-wk829agh81
MD5

426864ffdb0235ccdc5d7e2a61017487
SHA1

2a16c7a71c8ca07c8c058948d0729a60c43e5d1f
SHA256

74fbb80e9ce946d112bc393e5734ac2aa5d24ab02402140f7a817fba4aab9727
SHA512

d0df2934e854bdc4480134c045954c3455680c737e94243efd889338522b9d9e68ea1e8ba9adbe7b4244f9e0b28c1f8dc721b38a4db7c7967cf8aa0965828b8f
SSDEEP

6144:n5DX002W8M6TeKkfFBeEOckRk1n28X63rL4XwFAMf:tXsFMMkNMEOWnX4rLWwR

Score

10^/10

Malware Config

Extracted

Family

lokibot

http://palacegrades.com/~zadmin/lmark/sfran/link.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  426864ffdb0235ccdc5d7e2a61017487_JaffaCakes118
- Size
  
  276KB
- MD5
  
  426864ffdb0235ccdc5d7e2a61017487
- SHA1
  
  2a16c7a71c8ca07c8c058948d0729a60c43e5d1f
- SHA256
  
  74fbb80e9ce946d112bc393e5734ac2aa5d24ab02402140f7a817fba4aab9727
- SHA512
  
  d0df2934e854bdc4480134c045954c3455680c737e94243efd889338522b9d9e68ea1e8ba9adbe7b4244f9e0b28c1f8dc721b38a4db7c7967cf8aa0965828b8f
- SSDEEP
  
  6144:n5DX002W8M6TeKkfFBeEOckRk1n28X63rL4XwFAMf:tXsFMMkNMEOWnX4rLWwR
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/Splash.dll
- Size
  
  4KB
- MD5
  
  3f35f73787f0c3bb5e59445fb18ade0d
- SHA1
  
  f1566faff96c3988cfc28dc7d433094b6348cdbf
- SHA256
  
  5570969d22a33c23b60c5f5536f781219e458a869b77b8dde4a94cc124ee4de6
- SHA512
  
  45c42ea95f53a3b8a3fd74bd55ad6f0b3f2b91dd969104de845fd819fe307dec2b4d472bee45554500b0c51052ee82ac98196e894af806edf67a947328474e57
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fbe295e5a1acfbd0a6271898f885fe6a
- SHA1
  
  d6d205922e61635472efb13c2bb92c9ac6cb96da
- SHA256
  
  a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
- SHA512
  
  2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- SSDEEP
  
  192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score

3^/10
behavioral5 behavioral6
- Target
  
  $TEMP/gazumps.dll
- Size
  
  6KB
- MD5
  
  f61e1bbe20b14c5f1baf9192916f3fbc
- SHA1
  
  ed5f29f943dfcdee8894077f408478e5313ae4b4
- SHA256
  
  74dc1203f77e1b7e352e13c49bd3d71a9d32ff5511e03f6c9b49f11424e2ca59
- SHA512
  
  d16ab93488dad2f6d98f566562dae76c21e1ff31ec8f65991792d77ebb8d690bda458c304feffb83d6dbaa7bd5829529b9a7fe77e10211c4aaf61d63e978b2f3
- SSDEEP
  
  96:hNRubDG4qteK8I9xkR8MglDKPis8LgrDEy42KkpWh:J4Df3Kh9xkGluPi9LIDE2rW
Score

1^/10
behavioral7 behavioral8

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Email Collection

T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Accesses Microsoft Outlook profiles

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8