lokibot

General

Target

200520241603ObjednvkaPO3078320EXIMTECH_NeikiAnalytics
Size

452KB
Sample

240521-jxx5asdh6y
MD5

3317ab453fe664a4d112079f61f9dcf0
SHA1

d442edcbc4b28df49b710cc867e803f23aa0b3aa
SHA256

df165f29ae7ea9bfdcb2b47c8919857ba44fcf51a156ee046226606eaeedc07e
SHA512

1c60bb9705c3903b0f7534dee1f96d7518e7908766ff0b493bd150fcc3eb0333d1c38705da596c26b36900edba899d5af0e9abfaf760a5576e59f7375a82caaa
SSDEEP

6144:WPJkW3DTssHCqHuwHslM8jtunU3jPGV1w67r+vPxDK3VcVVYASzkIDXvL:WPVHCqO9lMkauez7r+BDngASzkIDXj

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

https://altaskifer.sbs/PWS2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  200520241603ObjednvkaPO3078320EXIMTECH_NeikiAnalytics
- Size
  
  452KB
- MD5
  
  3317ab453fe664a4d112079f61f9dcf0
- SHA1
  
  d442edcbc4b28df49b710cc867e803f23aa0b3aa
- SHA256
  
  df165f29ae7ea9bfdcb2b47c8919857ba44fcf51a156ee046226606eaeedc07e
- SHA512
  
  1c60bb9705c3903b0f7534dee1f96d7518e7908766ff0b493bd150fcc3eb0333d1c38705da596c26b36900edba899d5af0e9abfaf760a5576e59f7375a82caaa
- SSDEEP
  
  6144:WPJkW3DTssHCqHuwHslM8jtunU3jPGV1w67r+vPxDK3VcVVYASzkIDXvL:WPVHCqO9lMkauez7r+BDngASzkIDXj
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

1

T1012

System Information Discovery

2

T1082

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Checks computer location settings

Executes dropped EXE

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2