lokibot | 26c693ff2e7bfb43a2476a8ad6c316185a31f65e90f56b2eac3c98393d6a53cf | Triage

Sharing

General

Target

tmpswicz7pm
Size

1.3MB
Sample

240518-txj8jscc21
MD5

0d6617a7174bbd7156e7f31b40f5b8b0
SHA1

e1fae724282c52ee4d41c909c7ba28f77df2950f
SHA256

26c693ff2e7bfb43a2476a8ad6c316185a31f65e90f56b2eac3c98393d6a53cf
SHA512

6df443fa2444cec99cc96ac93cf2b2b9b102e96e676ffe8893943a59e0a01446139f6e4415b10846bd7a25222fcfc48ba781903fed771b295179d4fc1d476661
SSDEEP

24576:HAHnh+eWsN3skA4RV1Hom2KXMmHae6BAz/SiYXQlnWGpAJEH5:6h+ZkldoPK8Ya3ArdYXQln+y

Score

10^/10

lokibot collection persistence spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://tjfr.ga/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  tmpswicz7pm
- Size
  
  1.3MB
- MD5
  
  0d6617a7174bbd7156e7f31b40f5b8b0
- SHA1
  
  e1fae724282c52ee4d41c909c7ba28f77df2950f
- SHA256
  
  26c693ff2e7bfb43a2476a8ad6c316185a31f65e90f56b2eac3c98393d6a53cf
- SHA512
  
  6df443fa2444cec99cc96ac93cf2b2b9b102e96e676ffe8893943a59e0a01446139f6e4415b10846bd7a25222fcfc48ba781903fed771b295179d4fc1d476661
- SSDEEP
  
  24576:HAHnh+eWsN3skA4RV1Hom2KXMmHae6BAz/SiYXQlnWGpAJEH5:6h+ZkldoPK8Ya3ArdYXQln+y
Score

10^/10

lokibot collection persistence spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionpersistencespywarestealertrojan

behavioral2

lokibotcollectionpersistencespywarestealertrojan