lokibot | 18b7250e7d937938416cc206934da3cd84324802fc34fcd8f8d5b1bc6dbf684b | Triage

Sharing

General

Target

18b7250e7d937938416cc206934da3cd84324802fc34fcd8f8d5b1bc6dbf684b.exe
Size

96KB
Sample

240522-rn53jseb55
MD5

659a80455fd775588eb78ceda157f9d8
SHA1

9c3508ac928b3c6158dc7d72e7742d988da8cf3c
SHA256

18b7250e7d937938416cc206934da3cd84324802fc34fcd8f8d5b1bc6dbf684b
SHA512

ed6e3a0e70577b959d9f5dbab94a4de15a3cfedf78522f9631bff9946c5bd2dd0e3dc68bfd555158c47a54e6711bb0910004f94bfb8100f789930b7c4d3be7ed
SSDEEP

1536:6zvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqcIzmd:hSHIG6mQwGmfOQd8YhY0/E1UG

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://45.61.137.215/index.php/3b1tenbkyj

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  18b7250e7d937938416cc206934da3cd84324802fc34fcd8f8d5b1bc6dbf684b.exe
- Size
  
  96KB
- MD5
  
  659a80455fd775588eb78ceda157f9d8
- SHA1
  
  9c3508ac928b3c6158dc7d72e7742d988da8cf3c
- SHA256
  
  18b7250e7d937938416cc206934da3cd84324802fc34fcd8f8d5b1bc6dbf684b
- SHA512
  
  ed6e3a0e70577b959d9f5dbab94a4de15a3cfedf78522f9631bff9946c5bd2dd0e3dc68bfd555158c47a54e6711bb0910004f94bfb8100f789930b7c4d3be7ed
- SSDEEP
  
  1536:6zvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqcIzmd:hSHIG6mQwGmfOQd8YhY0/E1UG
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan