lokibot | ea0e96bff0a5dee0e9716f2ab2c34c6dbdf1cff514660088b5f4afa396377b5b | Triage

Sharing

General

Target

805cf3cb52e98ed97a79f789bddb6bd1_JaffaCakes118
Size

515KB
Sample

240529-l494jsbf85
MD5

805cf3cb52e98ed97a79f789bddb6bd1
SHA1

b5fdd00fdce7fbc160a5043d2bb70df04f91d3b6
SHA256

ea0e96bff0a5dee0e9716f2ab2c34c6dbdf1cff514660088b5f4afa396377b5b
SHA512

52b4a0bca00b3ee8e9e7fb8d4cb868f8b75d5a4da44cfae69bc701e2f9b7a611082f5bfc67de49e51e8a46fe7be28441070ebc25fbe694749197c883353a80a2
SSDEEP

12288:GGcb3oRZJpFgM78DLMcx4Bs0i93DkLRqsis23d6:ioNp52R9WcsC3d

Score

10^/10

lokibot persistence spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://kings.jesseworld.eu/five/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  805cf3cb52e98ed97a79f789bddb6bd1_JaffaCakes118
- Size
  
  515KB
- MD5
  
  805cf3cb52e98ed97a79f789bddb6bd1
- SHA1
  
  b5fdd00fdce7fbc160a5043d2bb70df04f91d3b6
- SHA256
  
  ea0e96bff0a5dee0e9716f2ab2c34c6dbdf1cff514660088b5f4afa396377b5b
- SHA512
  
  52b4a0bca00b3ee8e9e7fb8d4cb868f8b75d5a4da44cfae69bc701e2f9b7a611082f5bfc67de49e51e8a46fe7be28441070ebc25fbe694749197c883353a80a2
- SSDEEP
  
  12288:GGcb3oRZJpFgM78DLMcx4Bs0i93DkLRqsis23d6:ioNp52R9WcsC3d
Score

10^/10

lokibot persistence spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotpersistencespywarestealertrojan

behavioral2

lokibotpersistencespywarestealertrojan