lokibot

Sharing

Copy URL

Twitter E-mail

General

Target

46b674fd08c91d314f0f03c3a4f11b8f_JaffaCakes118
Size

364KB
Sample

240515-sfefasfa44
MD5

46b674fd08c91d314f0f03c3a4f11b8f
SHA1

5fd81f98e511e67a3c0bbca16dcb7802f3a3308b
SHA256

14b23833a0069ece9c114d554b406c7f1da45fdcd910ecee37fbf0136aa09af2
SHA512

bbb93ecd4ca9bc9fd08f2fc73437647dfa2c2433c0349edf7ec8d091d428444090b4c7d178e6a55c62554393db987e906b16115c578d6b8deef317ea8b24e19b
SSDEEP

6144:/PCganNmYVTbqB4llElg0Jx14ur84IZZUdfh76OV9cpLkmSPxY/FYYkXmQObIKh7:VanggTw4Wgg1PA4mZUDmOzcpLvaxYwmH

Score

10^/10

Malware Config

Extracted

Family

lokibot

http://remzclot.ga/etc/main/l09/ap0s/home.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  46b674fd08c91d314f0f03c3a4f11b8f_JaffaCakes118
- Size
  
  364KB
- MD5
  
  46b674fd08c91d314f0f03c3a4f11b8f
- SHA1
  
  5fd81f98e511e67a3c0bbca16dcb7802f3a3308b
- SHA256
  
  14b23833a0069ece9c114d554b406c7f1da45fdcd910ecee37fbf0136aa09af2
- SHA512
  
  bbb93ecd4ca9bc9fd08f2fc73437647dfa2c2433c0349edf7ec8d091d428444090b4c7d178e6a55c62554393db987e906b16115c578d6b8deef317ea8b24e19b
- SSDEEP
  
  6144:/PCganNmYVTbqB4llElg0Jx14ur84IZZUdfh76OV9cpLkmSPxY/FYYkXmQObIKh7:VanggTw4Wgg1PA4mZUDmOzcpLvaxYwmH
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  $APPDATA/300/web_users/pkg/pgort80ui.dll
- Size
  
  9KB
- MD5
  
  30f022676cc01979d4a5c19be71e6315
- SHA1
  
  4444f5c00fb5db982f50b8c4dcd462a3c7ea2a16
- SHA256
  
  ffdd358ece4933171caef8e1c8bd788d7ae7fb6ff1788f1a5c502893af2e016d
- SHA512
  
  1e4e01d31eb069d3b6ef1c72e195d29c6eaf5bb6c7635794ccb4aec2a4a9e68cfcf30bb5b233679662a9bb8bf1e068b29918293c08336ab6bc3b634f5577688a
- SSDEEP
  
  192:aVW63bsx3psW4bjg8bUAF7OH0LSUHeRojUPmiaH:aVW63bQSW6s8bUG7OUL6a
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/300/web_users/pkg/pgoui.dll
- Size
  
  15KB
- MD5
  
  7597aa6c374743829358e543591c943f
- SHA1
  
  3415701136b9095ce890a91c0fe4621c52e2755c
- SHA256
  
  aee7923fde1ae19368b85fedbcfeef21c45d96ddbd2689662a0c4cc25ec40a3f
- SHA512
  
  de61f4af800a26bdc6b85866899ac2b80508beedf2159fa1a156941de4b04d73831739e4b13d27785410bebe9f1c0ea34202f9b0f1a9b86c9a05f4363b4daa19
- SSDEEP
  
  192:O3nnnuWi3PsEtW4G7mtB3caUMOBEJXHEIrNoiTEhRYqG+:O3nuWi3PltWNCmpMMEJHNEhRhG
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/img2/it_IT/29.opends60.dll
- Size
  
  48B
- MD5
  
  6357d179955674034f11ccd57b541013
- SHA1
  
  e8e4f0d49b439359f18465dd2ec35bef6f97f3d5
- SHA256
  
  b44f07c7601adce45a7d8d3c244ef33103798a81da81ea3aa5151cb3e6930e80
- SHA512
  
  63e436e109197bba8ed13ac5e36de53339559793a111fddbc5ed204a85f7b76b9739a0f21be85cba33184f312656fa92724c722b5acff72a299d1ab0b35f8f73
Score

1^/10
behavioral7 behavioral8
- Target
  
  $APPDATA/img2/it_IT/31.opends60.dll
- Size
  
  48B
- MD5
  
  9128287b604b1d7cb52c2a44e531ad12
- SHA1
  
  01e7aa892cd4cb79e48b567aee97123a0928d9e3
- SHA256
  
  aaaacf5a17f1503ad729030575ecd81e98061d62f9628530d649b2af77d4350e
- SHA512
  
  170bf84725b81975ee4c20dfa40a7c84b458af13f484ac2bcc247c3fc334217601a783730e465378be3063098db6d45f7064ac6701ecc6acdc53e3c4c017d126
Score

1^/10
behavioral10 behavioral9
- Target
  
  $APPDATA/img2/it_IT/65.opends60.dll
- Size
  
  48B
- MD5
  
  2120d9aaf6f8a8bca3e434c84f2de1f7
- SHA1
  
  56b7427063862d570a6c42d65f289ef18195dd15
- SHA256
  
  9880986cdbdb79851a7c07e23b30bba2dc84d514f6c8d889f35fcc4d69c19e26
- SHA512
  
  070d3c21e155c7e851215ddcee77f4bea86365dc2cdd5476748421f43057dad10e64e7626a6612303c19c1373fc61ef743ae54efa4db3b8b15a860408cffb7bc
Score

1^/10
behavioral11 behavioral12
- Target
  
  $APPDATA/img2/it_IT/74.opends60.dll
- Size
  
  47B
- MD5
  
  4984eb04c8300f18b3cc077c0b589c9c
- SHA1
  
  b23c5002ea5d690740f3bd6df8a799dca6a2ca1f
- SHA256
  
  d2b3069fb7c0fdfae1f1ac228c38be695f6b3155d00ae20c30acdddc39c31ace
- SHA512
  
  400c423f22a378589f4cc227a030626f408ad24d40ae524eaf3bb4119a427ce968f112100e6c1d7b807f1ac7db67fb6a1325d899c75889b2b80f7073da999324
Score

1^/10
behavioral13 behavioral14
- Target
  
  $APPDATA/img2/it_IT/MicrosoftVisualCVSCodeProvider.dll
- Size
  
  48KB
- MD5
  
  dea1dfbd72e2534ed39c737bfbfcd82d
- SHA1
  
  72ea9b3a4017d0c37d0f5b20e02008ffbc88b79d
- SHA256
  
  d828cda4a89557b24cc2a492cb3f6b09ec69c3ea00d36f5024b58942db9d76ea
- SHA512
  
  254c575fa45b90d58111336600b1df25b33ac246c75b4edf4abc7500e118a66a78a26871af046bcb080fc31e82181a4599e8ff4761cf560fdec7c1c7649ebe16
- SSDEEP
  
  768:ejSqkAVXYRXpXfkPcPMdFwBKmq5aYFRJevf:BqkAKfkkPMdmBKm2aygn
Score

1^/10
behavioral15 behavioral16
- Target
  
  $APPDATA/img2/it_IT/ProjWizUI.dll
- Size
  
  3KB
- MD5
  
  311aa10ab1c6fe05e80463232e10efa0
- SHA1
  
  19ca5bb1a25514fb7d93aabb7fe7af88ea4961d0
- SHA256
  
  9ea6362959d9aaf043928ff088084998b13ccc7eb06b9c650b5dd2cc0a2a5bd2
- SHA512
  
  1ac12b778fb851cc38fda1754fd4ca3f073641614042035d1c8f8ceffd9adeeb7c4faf588beb9d3b1faa1f6782f2564435d8360655343f131b6f2bbe4171e1de
Score

1^/10
behavioral17 behavioral18
- Target
  
  $APPDATA/img2/it_IT/aspnetwp.exe
- Size
  
  29KB
- MD5
  
  586677e260d59c0aef4787749bd22e22
- SHA1
  
  0362a9f12b333489d0881ad80487a5d70c6f6c53
- SHA256
  
  16f9671a4d62b9b6d58339d58cecd1cb1a57fb55b98e449a36520b6ae57fb3a3
- SHA512
  
  a7eea5ce32354e4d83a4c83ac743a9fb9a3d345ada34db2366259709e98606b8815cd588ba3c87efd3450d827844983670df10fbe252ea622c9a98d62371e7b4
- SSDEEP
  
  768:i2LK/zkfU+wmeQNm+1QNVB77TrfL3d/o+k:i2LKb0DwmeQNmwMpXfR/oB
Score

1^/10
behavioral19 behavioral20
- Target
  
  $APPDATA/img2/it_IT/extensibility.dll
- Size
  
  4KB
- MD5
  
  74c8987f1b2549e1df3eb3874b68ecac
- SHA1
  
  6a7b0f36c9e59d75a2cc21d6e81fb222d8b41c57
- SHA256
  
  101756dd798818231e989c0d02c29d3423b6f17ef486a0fb758ebda6f307ea43
- SHA512
  
  3298c9bc9e403f6a5137b6e2054fa8e570374e008ca64e23de2a0359a0fa4faf5547590080f230158d048f47fbfac7b48d8e7e099bb10e7b40eced2ce07dfced
- SSDEEP
  
  48:6ifF+CKHGta7+hUGC9tkfY66hd+IvC+GbzActy0rIZWi9fOTAS5WPxC:vF+0tphUGCPj663xvObzAcLEWjHWP
Score

1^/10
behavioral21 behavioral22
- Target
  
  $APPDATA/img2/it_IT/vcencbld.dll
- Size
  
  44KB
- MD5
  
  15f4aebe0ad31fb59402022d82573614
- SHA1
  
  55bd5382a75859b2e7fdd9e7d21f5ef694e3a973
- SHA256
  
  cfda3361936df0ce9f0fbe92d4a1c43cbe53448b97e0cce098dc2f786d273ba0
- SHA512
  
  0ace197a5615550e8b72f3bd4da6f4cf5257fc34812ede96f6f2169ecd01b5baf333052af730602a87795e64e62b3bde390b32107bf4a1c69195d323c7ade00d
- SSDEEP
  
  768:g7Z4VhK+4QierfiLX7pld37Qh5CQNAF0Vt3KCc:eqFNGllNS5RWKt3
Score

1^/10
behavioral23 behavioral24
- Target
  
  $APPDATA/img2/it_IT/wbemDC.dll
- Size
  
  31KB
- MD5
  
  a7d437a83378ac8f19797eff1044732b
- SHA1
  
  446f1802d1b199779ef8a35daf1c35125e193bd1
- SHA256
  
  697f768d749e5bfe8055997819fc0b088cb7ea2ce31e198b7210fa7dfa1ee597
- SHA512
  
  1349e67e4a68191e05af24242108732abfddfcb9e38427987f8407038e441386a0a004b5a7eb3f5a793691d06bf124f226e749238302bdd6b538605c3e8eec1e
- SSDEEP
  
  384:Ht7JZXNm4ZDjaEyaD0eNB1QsubhZKCTVvt9Sj5ko8Zr6DtnWO93GjWz6ctY:HtFRjnaExG1NZKCdSj5Eyt/wW0
Score

1^/10
behavioral25 behavioral26
- Target
  
  $APPDATA/media/albums/26.opends60.dll
- Size
  
  43B
- MD5
  
  6656bce9e1cb637de6ac1c59931652ca
- SHA1
  
  e1b36b700bff71120603109993df753ef9c2665d
- SHA256
  
  380f4f63d6596179ef12e7f57625d33033d361e287cde3397242d54ecf31c83a
- SHA512
  
  10134710255af4b94e0d5e2010d65dfc6e7494057de76ca66d76ce9eb74a2eb79a14d1b2ecb9fd0b38f8ed5675c00821da40a495182775f444a45144646e417f
Score

1^/10
behavioral27 behavioral28
- Target
  
  $APPDATA/media/albums/80.opends60.dll
- Size
  
  54B
- MD5
  
  7a7c132eb389943d33d877fb0c39ae03
- SHA1
  
  1355e52a60809439835ba1123cdf8f5615866be9
- SHA256
  
  c5f6d96ace37272eb41537a808d4b54b007e1a6c52ccc5ed5f3bc0a42432a88d
- SHA512
  
  94c6d7e85952174967aa66b37cf992a3affc8e5f9654eb58172fe2f0eb41b82aa97328d07b37640a1bb7644e8530e81e7924fffdb63fb5b53c56dd2768417aa9
Score

1^/10
behavioral29 behavioral30
- Target
  
  $APPDATA/media/albums/ActiveSyncBootstrap.dll
- Size
  
  40KB
- MD5
  
  b59ec4aa8cc4eeb16e5567c085d5d677
- SHA1
  
  7c2442b35816e0517648a390f106910ae960f7bf
- SHA256
  
  1bf2270bfa6bafe29329f9d84c5f8856b57c84af6f3ed05027cebc4f767d07ef
- SHA512
  
  719d127a378fb16772c5a6c4b6ea6225a27ad4cd2a0d84e237faaa7a1a4e63cdd869ad2cf04b57268e393f709adea2a8aa83c6a640111d93fd2071ebdac7a470
- SSDEEP
  
  768:MzE7orC6TyNqZ7t7Ahh5E4C6FHYm6d985dgn49kjkGnUOhBpEdpb:tkTym7t7Ahh93+dqgbjXUOhBpeb
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

MITRE ATT&CK Matrix ATT&CK v13

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32