lokibot | ed442cb3c6ef62748d9fadb1217097267dcb3c10231d94c697b815473c4ae831 | Triage

Sharing

General

Target

7bec28aa904517990cbb2b5c8e788e2d_JaffaCakes118
Size

480KB
Sample

240528-gj96lahf64
MD5

7bec28aa904517990cbb2b5c8e788e2d
SHA1

b9b3564ac3cf4c3818f2487aa9ef257dfc92daa9
SHA256

ed442cb3c6ef62748d9fadb1217097267dcb3c10231d94c697b815473c4ae831
SHA512

8c350bde0cb6dabb0081d1519486227d69a65e0c3e57540a8e708557ac348e40dac08ab7b8c740837e45e2eae911e9bda14e90acbf2b0e937a619ce6f831c9da
SSDEEP

6144:Mi2SZlApLj6VkPpdmgmGPsPHqTKoPrwUvzgVnQDIXRWJwV2WnPNOrg7N:Mi2emLj6SdzRGoPJgVKIXwpWnFOM7N

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://slyviv19.ml/ifeanyi/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  7bec28aa904517990cbb2b5c8e788e2d_JaffaCakes118
- Size
  
  480KB
- MD5
  
  7bec28aa904517990cbb2b5c8e788e2d
- SHA1
  
  b9b3564ac3cf4c3818f2487aa9ef257dfc92daa9
- SHA256
  
  ed442cb3c6ef62748d9fadb1217097267dcb3c10231d94c697b815473c4ae831
- SHA512
  
  8c350bde0cb6dabb0081d1519486227d69a65e0c3e57540a8e708557ac348e40dac08ab7b8c740837e45e2eae911e9bda14e90acbf2b0e937a619ce6f831c9da
- SSDEEP
  
  6144:Mi2SZlApLj6VkPpdmgmGPsPHqTKoPrwUvzgVnQDIXRWJwV2WnPNOrg7N:Mi2emLj6SdzRGoPJgVKIXwpWnFOM7N
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan