lokibot

Sharing

Copy URL

Twitter E-mail

General

Target

61c8ee9e802a17db2db3c18ad499aa7e_JaffaCakes118
Size

331KB
Sample

240521-c8l3vaff7y
MD5

61c8ee9e802a17db2db3c18ad499aa7e
SHA1

c36bb0035b1a148ea9196922285682e7120e4488
SHA256

fdbff013b835081580756a378afeb8c6897a345f6934fa54d1c71ade4d15fe7f
SHA512

6ac30fe563e450512399f4a1546c9ab24e283567bed0521cb772c3008d64a0c7044da6718eca875a14ea59382711de1cdb978198a4cf0e82defe46188350837f
SSDEEP

6144:zPCganN6HQxxrLraodRFxyxq8hOUc/7UADwnG8NPMyiulxWr4:hanAwXrnaodR6xq8DDAEnjRtXjWs

Score

10^/10

Malware Config

Extracted

Family

lokibot

http://joovy.ga/choolee/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  61c8ee9e802a17db2db3c18ad499aa7e_JaffaCakes118
- Size
  
  331KB
- MD5
  
  61c8ee9e802a17db2db3c18ad499aa7e
- SHA1
  
  c36bb0035b1a148ea9196922285682e7120e4488
- SHA256
  
  fdbff013b835081580756a378afeb8c6897a345f6934fa54d1c71ade4d15fe7f
- SHA512
  
  6ac30fe563e450512399f4a1546c9ab24e283567bed0521cb772c3008d64a0c7044da6718eca875a14ea59382711de1cdb978198a4cf0e82defe46188350837f
- SSDEEP
  
  6144:zPCganN6HQxxrLraodRFxyxq8hOUc/7UADwnG8NPMyiulxWr4:hanAwXrnaodR6xq8DDAEnjRtXjWs
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  $APPDATA/15/cvtres.exe
- Size
  
  31KB
- MD5
  
  d312a154a5f5e54bbbcf12a22b1b2058
- SHA1
  
  f8fa4c00c53d6800c81cfb8ff910514f6324ab68
- SHA256
  
  91b2e82a6bc7dff3cd1336caec81d515b7422c39a5ae19d5dc87673239f00430
- SHA512
  
  d42d9fa8bb383ac0f8643d2e87fc5a1c6b7c4d4bdbfbc5fdd3eb38d69202d2819166b62a069158d8f3c4999edc1591b75a768c90ea2aab76e2bd5bc3d8e4cdf1
- SSDEEP
  
  768:IaEu+pIy70T4voc53bxmB3aALsRO7kSDTvKdnGSL3d/o+S:MIa0Ttcl0B31LsRO7kAKdnGSR/ol
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/15/metade.dll
- Size
  
  40KB
- MD5
  
  6ce0a00b9c336497b08106982b5f34d7
- SHA1
  
  5a513e808470c9375d99096020e021340ebef332
- SHA256
  
  1c55dab99bdf7461f211af018ce84478ff76f230133bfe3f8ed4b535a6a3cbd1
- SHA512
  
  abefa479dd072165c12cd4a04107fda982f2002bf33c28d8038b673632cf8f45e59ebc56c2501c7d12ed28e502361f95382322e7c3dc545601e0264f9e183ed8
- SSDEEP
  
  768:/lM05vRJQLrGB8vH/MON6s9+nQ8TYtehb1QsJcHO3pflk:i05ELr48vH/MOkDQ8TYteAsaHO5fl
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/keywords/bs/50.opends60.dll
- Size
  
  53B
- MD5
  
  fef6ff21091dd47c0613d0d3877e5bc9
- SHA1
  
  da1674ed58ffcbb339c48c52bfdee85c27f2f4b9
- SHA256
  
  340892ce705602d6c93c888dccd941a3ea9195f78d56d92952bae9c9d0476a53
- SHA512
  
  d19fd56aadc1c95971c2373d8e47cfefe741066caf37cb326cbd65304dfc5f698a0381e1b882a8e53ca894b0f0908218bd1a8705ae33971aadc0e258ce14cff8
Score

1^/10
behavioral7 behavioral8
- Target
  
  $APPDATA/keywords/bs/aspnetstate.exe
- Size
  
  29KB
- MD5
  
  d33c507942299753868204cc7642fa27
- SHA1
  
  671870a43febef51228e8507b36d0cb6ffa0cff2
- SHA256
  
  4e7096d6f4b1176c4823540427219988ac9180e70954d3bf32a6c15ed1332670
- SHA512
  
  ae4516a061a8e8b22780043685485126a96feff6917d5e52574d3afdd957d44d051e6c437eb499260a5980959ea3162b18496f2bce8a56b6aec85df6da5e565a
- SSDEEP
  
  768:fNalEibjHz9kFmw0D+iwGqC+iIL3d/o+g:fPS6cw05wGj7IR/oF
Score

1^/10
behavioral10 behavioral9
- Target
  
  $APPDATA/rss/mscorsecr.dll
- Size
  
  22KB
- MD5
  
  e8578ddd3ba0d1a0675e4c57da032f95
- SHA1
  
  2afc96c75a344140a7f7bb0fa23ea23aaf5794fb
- SHA256
  
  fc78f8747f8b57bc340ca6b5055133450e33571a02449069542c91f1d9070b80
- SHA512
  
  81614b26683c9e1fad857c961298d8d4f5a1205074ab25755328948d9846163cd360e47327bc5524738318ca4daac6458b336ddc24723b4cc9f4c66c9e3e55a9
- SSDEEP
  
  192:IWkcNZ3W/L6fT62gd+XS+aJfT62gc424ct:IWk0Z3Wz6L62S+XS+aJL62
Score

1^/10
behavioral11 behavioral12
- Target
  
  $APPDATA/rss/sbswminetutils.dll
- Size
  
  5KB
- MD5
  
  a692cab78e2cd9231dc99c9a0856f92c
- SHA1
  
  21fcfee7969bb94f40483385ecf8155f0d854523
- SHA256
  
  20958bc68c0bc83527e506e9f9502d9adf1d878e67c97468c0daefe291b6feb8
- SHA512
  
  17e15684776a2793e68ce12ed32830482bb80fbbf5fdb4ad5169b16350ec2481540f03f6d8025c0c55c9a39356b79df80f68a103cfdb90d8bd7a0a02c1725c16
- SSDEEP
  
  48:C0ytDdk88Lf6uE4PYPF18s42oTNewuvUtZWNHWHln5IBSrSRK5WWrn56:7ytDdf+Su7gPF42ONc6Wt0d5IBdRaWP
Score

1^/10
behavioral13 behavioral14
- Target
  
  $APPDATA/rss/spcustom.dll
- Size
  
  21KB
- MD5
  
  dd4deb6fe0c79cdd79be1d0df958cca5
- SHA1
  
  714bbf446b36a038c179d3388d346cd56c57aa38
- SHA256
  
  51e233e832d97b7daca2fa9352d84b1e3450b2c96eb8a8e92fde1cf0b7c4f925
- SHA512
  
  df90fc7eeac91a2d23b497c71a9d0cbc66faccf12fba9b83d09ad178a784dbf77a488b7a3c31cdc63d37108458921881c00db22761ee854b54006457dc29696e
- SSDEEP
  
  384:qfuGBG9yKK/ukfT3/zZh1qS5v2E5G2zfHAniOYl2Ubjrw448RJpWi2pWGGPH5LC/:qfupkKBCTrZfB+GgiO6TJIKPZL3d/o+y
Score

1^/10
behavioral15 behavioral16
- Target
  
  $TEMP/Blackface.dll
- Size
  
  49KB
- MD5
  
  526003df5801f2c386b4196a75aab900
- SHA1
  
  b1618e4963a5bf740be6844528ed864ea3d5314a
- SHA256
  
  fcddc27751bc3fd67e21582b51e246c880e2cda43efcef2618c6af0fed7ada92
- SHA512
  
  ae1fd0edb54acd712748bd983ac9863858dc6332424c6be477520eeca6261f320b3cdc56ab582a411cff0eb6ea2e9c23291e9693c9198767fd9f5a084288a371
- SSDEEP
  
  768:XHLwyqDCy1TMJ2MyTSUwKSCh/014+6JcqRwyHINcPl:XHoeZJ+XwKAqJXbHINcPl
Score

10^/10

lokibot spyware stealer trojan collection
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
behavioral17 behavioral18
- Target
  
  $TEMP/am/alumni_add/MicrosoftVSDesignerUI.dll
- Size
  
  30KB
- MD5
  
  a93047da478d7764f2a846e138989ee8
- SHA1
  
  071d88347d02f4c469e7b1976028240243712c41
- SHA256
  
  b6aeb0465115c0234efafa4ce5e5f666f14efa59aeb82a2b1b0c20226c14efad
- SHA512
  
  529609040ad5f44bca763541e3f4548a7f9a420a67ce2e6fb111f3d4104eea31e47ccbbc9f44f72a0b671db9f57fbbd184f614efbd906751136d64c868bc0403
- SSDEEP
  
  384:3B1WYrRW5L9k/TqpHHGE0rm5IOAhQwQ//xCtGsGCIC5UV7Eu:ry9k/TqEEdIOEQn//gWCu
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/dispatch/prev/52.opends60.dll
- Size
  
  48B
- MD5
  
  2c113f0eada02c58621b12aa16cf85c9
- SHA1
  
  a7a8b1b971c2765befdb16ee2b6043dd2dc155db
- SHA256
  
  8935bcf2c389ffdfa7bd3eccc2af92dd8092f11f8845d95f16e61f7393edf86b
- SHA512
  
  696b7699f1e57538549f9715be516ee101642c2d109d87cc0033f174c2151a1b4fafb00d881650f4e8947ce09565f6431092f67464812cbee43a18cf5a893285
Score

1^/10
behavioral21 behavioral22
- Target
  
  $TEMP/mchat/jpa/brands/33.opends60.dll
- Size
  
  52B
- MD5
  
  4171519896113ebb515847ecec465a45
- SHA1
  
  a8e9e98e95fd2d5335f804c19b60fbdbc7664f7b
- SHA256
  
  d770c8767f6d7d51d919d5bef2e0ffb61b6dc2172e99b8ef83d2359f44f2b949
- SHA512
  
  8344717c3de03812cfa2fdcbce071c5501608b63659133efea16457452676eb0babd587df06c260c9179d6bda7c8f41a42e9293e87b370fbb5f9f969d9316d47
Score

1^/10
behavioral23 behavioral24
- Target
  
  $TEMP/mchat/jpa/brands/59.opends60.dll
- Size
  
  53B
- MD5
  
  094581676228628668b2b30b1b61c63c
- SHA1
  
  cd09890bb8da29edda4ee75d193fdcd2f042ce50
- SHA256
  
  c02be33c378c6dc4f993a9fe83e88f265b19e81bdf13d56146f14add71c960cf
- SHA512
  
  7078a08c819fa9fdfcabfb2d0c93b4b3aa8aa44dcfe3b28640651a55f6dc3ffb96e5c03e998930e52cad0afedc549aa260017bd2bd5b024e3eef52c2b76dc52e
Score

1^/10
behavioral25 behavioral26
- Target
  
  $TEMP/mchat/jpa/brands/MicrosoftVisualStudioVCProject.dll
- Size
  
  12KB
- MD5
  
  764476d7dd24d9985094b893703c286f
- SHA1
  
  5457c9241b5c6d5c75ba0d658d7eee9771e2e9df
- SHA256
  
  f495e676a55360c516c6c57e20b5839007ac25379b992ec33afcb36e3a5de6ad
- SHA512
  
  6fdaea500aa4d357a086149772f9e493bde963c94074c01d0797ac0e4c8ce3a50e30a59f0cdc9f162b0b514deed5d2638ad2896afb2e856dfdbbf650c3d1978c
- SSDEEP
  
  192:HuNyzZuu7Ykg2TTv4Sy9PlgV4gViTBUGbLJ37gmEXGk3y6BxtWr89WN:Hhsk9TESoXgViTBUG537sXx3y6LtWI9W
Score

1^/10
behavioral27 behavioral28

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Lokibot

Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28