lokibot | 744efffd117bb492d7707a2d16ae3e16dc65ea52b475c4b1f8d993f66f89f08c | Triage

Sharing

General

Target

767fad8469801daac50f5365709e0149_JaffaCakes118
Size

532KB
Sample

240526-xngylsgd6x
MD5

767fad8469801daac50f5365709e0149
SHA1

61644800d1d9e46a2cd0e628bed9fd68f62428e0
SHA256

744efffd117bb492d7707a2d16ae3e16dc65ea52b475c4b1f8d993f66f89f08c
SHA512

554bd5dcd661e60a07a60deb116032eaa1b041ca1ba00b27bb9136b986cac8e7c80d456f75b789458f98bccb671a521b636901e192ca561bfaefa4eccf24ff18
SSDEEP

6144:lEBrHvFzum8tLMmbRLHMTg2N6lpiKYeWPo+X84xLy57:lEjItLMMJMqlpHp4

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://deloilte.com/wp-content/uploads/2018/09/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  767fad8469801daac50f5365709e0149_JaffaCakes118
- Size
  
  532KB
- MD5
  
  767fad8469801daac50f5365709e0149
- SHA1
  
  61644800d1d9e46a2cd0e628bed9fd68f62428e0
- SHA256
  
  744efffd117bb492d7707a2d16ae3e16dc65ea52b475c4b1f8d993f66f89f08c
- SHA512
  
  554bd5dcd661e60a07a60deb116032eaa1b041ca1ba00b27bb9136b986cac8e7c80d456f75b789458f98bccb671a521b636901e192ca561bfaefa4eccf24ff18
- SSDEEP
  
  6144:lEBrHvFzum8tLMmbRLHMTg2N6lpiKYeWPo+X84xLy57:lEjItLMMJMqlpHp4
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan