lokibot | deb9ffc5dbe5a8b0beb10318f8cfa635ed58507056908e017e82dfda950bf3f9 | Triage

Submit
Reports

Overview

overview

Static

static

1

79d1c8d13e...18.msi

windows7-x64

79d1c8d13e...18.msi

windows10-2004-x64

Sharing

General

Target

79d1c8d13e8bb5c694d07e6471f9db57_JaffaCakes118
Size

512KB
Sample

240527-vfas8abh34
MD5

79d1c8d13e8bb5c694d07e6471f9db57
SHA1

231677689b7e2f0b1aa0cfdd190d47462a5279b9
SHA256

deb9ffc5dbe5a8b0beb10318f8cfa635ed58507056908e017e82dfda950bf3f9
SHA512

808240029755b182c9491668ff177e606f7d7a513f2cc535397816c847808e738aa0a8e4be57f2166293c8795756a81300c9c40d869ffb5eff2c2e8e9db0363b
SSDEEP

6144:MEja+qQBv6voU7lpBJjPK22eC+Ic6LRWwp9porgB1O2/BCxBE4+/u4x/HLUWy4+d:MEjmQB6lpJ2eC6wu2yE4yZx/HwrK4

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

79d1c8d13e8bb5c694d07e6471f9db57_JaffaCakes118.msi

Resource

win7-20240221-en

lokibot collection spyware stealer trojan

windows7-x64

16 signatures

150 seconds

Behavioral task

behavioral2

Sample

79d1c8d13e8bb5c694d07e6471f9db57_JaffaCakes118.msi

Resource

win10v2004-20240508-en

lokibot collection spyware stealer trojan

windows10-2004-x64

15 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://31.220.2.200/~justicet/ag/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  79d1c8d13e8bb5c694d07e6471f9db57_JaffaCakes118
- Size
  
  512KB
- MD5
  
  79d1c8d13e8bb5c694d07e6471f9db57
- SHA1
  
  231677689b7e2f0b1aa0cfdd190d47462a5279b9
- SHA256
  
  deb9ffc5dbe5a8b0beb10318f8cfa635ed58507056908e017e82dfda950bf3f9
- SHA512
  
  808240029755b182c9491668ff177e606f7d7a513f2cc535397816c847808e738aa0a8e4be57f2166293c8795756a81300c9c40d869ffb5eff2c2e8e9db0363b
- SSDEEP
  
  6144:MEja+qQBv6voU7lpBJjPK22eC+Ic6LRWwp9porgB1O2/BCxBE4+/u4x/HLUWy4+d:MEjmQB6lpJ2eC6wu2yE4yZx/HwrK4
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

Peripheral Device Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy