lokibot | 40c3acdd2174f812c9afe8a9c416642f80cbb461e7a4c061ec3307048c1a1c07 | Triage

Sharing

General

Target

828e0fbb16f93615b6469946e7f7c3ec_JaffaCakes118
Size

769KB
Sample

240530-a65q3ahc29
MD5

828e0fbb16f93615b6469946e7f7c3ec
SHA1

3242a2061ac325142952488b0a072c5c476da036
SHA256

40c3acdd2174f812c9afe8a9c416642f80cbb461e7a4c061ec3307048c1a1c07
SHA512

c83c644b342ec4ee9fd9d6935cb8efc8cfcc79814b583bfaeae33cdc7b03c5ef887c738a47b008b8a9d02f4b1b72d34af72c215b1cac100c7ec15bd11976a09c
SSDEEP

24576:pK/AsNDvLZfTbx/uwf9R99BoUybYeLf+akZ:4dNDvLZ0cR992Uyb2

Score

10^/10

lokibot collection persistence spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://ogaces.ru/michelle/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  828e0fbb16f93615b6469946e7f7c3ec_JaffaCakes118
- Size
  
  769KB
- MD5
  
  828e0fbb16f93615b6469946e7f7c3ec
- SHA1
  
  3242a2061ac325142952488b0a072c5c476da036
- SHA256
  
  40c3acdd2174f812c9afe8a9c416642f80cbb461e7a4c061ec3307048c1a1c07
- SHA512
  
  c83c644b342ec4ee9fd9d6935cb8efc8cfcc79814b583bfaeae33cdc7b03c5ef887c738a47b008b8a9d02f4b1b72d34af72c215b1cac100c7ec15bd11976a09c
- SSDEEP
  
  24576:pK/AsNDvLZfTbx/uwf9R99BoUybYeLf+akZ:4dNDvLZ0cR992Uyb2
Score

10^/10

lokibot collection persistence spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Executes dropped EXE
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionpersistencespywarestealertrojan

behavioral2

lokibotcollectionpersistencespywarestealertrojan