lokibot | dea60c7ef6ba3017b359084c07da1fde866e8b1f55ca89989bc0b70b32162bcd | Triage

Sharing

General

Target

80ff899e21f7947355649e2358cca160_JaffaCakes118
Size

104KB
Sample

240529-rez5yagg6v
MD5

80ff899e21f7947355649e2358cca160
SHA1

334c884b65e6db49cb1a84c6eb9a077ef1633653
SHA256

dea60c7ef6ba3017b359084c07da1fde866e8b1f55ca89989bc0b70b32162bcd
SHA512

4d98650c9d12b674f50f43a595b4062df47178c261e1ae2fd36573a643a32f3ab31511439399402841c0e971d745edcee6f1248b9a894f9f8831dc7863eb83aa
SSDEEP

1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://51.68.167.104/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  80ff899e21f7947355649e2358cca160_JaffaCakes118
- Size
  
  104KB
- MD5
  
  80ff899e21f7947355649e2358cca160
- SHA1
  
  334c884b65e6db49cb1a84c6eb9a077ef1633653
- SHA256
  
  dea60c7ef6ba3017b359084c07da1fde866e8b1f55ca89989bc0b70b32162bcd
- SHA512
  
  4d98650c9d12b674f50f43a595b4062df47178c261e1ae2fd36573a643a32f3ab31511439399402841c0e971d745edcee6f1248b9a894f9f8831dc7863eb83aa
- SSDEEP
  
  1536:czvQSZpGS4/31A6mQgL2eYCGDwRcMkVQd8YhY0/EqfIzmd:nSHIG6mQwGmfOQd8YhY0/EqUG
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan