lokibot

Sharing

Copy URL

Twitter E-mail

General

Target

89c5e2ae2648672d61b4fa36e5957e55_JaffaCakes118
Size

308KB
Sample

240601-jgwarsfa95
MD5

89c5e2ae2648672d61b4fa36e5957e55
SHA1

1f86886ae34f934ad3529bb29541999b3731fd82
SHA256

e6af8c20aa307a53eb603f3e0d8858cff02f49495c9b51ce410cc841581283d4
SHA512

eea49c866e687f17f276d9ab21fedbd27582128e76fdabca2338717fd18cc5e3d3a8dc13797b53b7a76f99334df4fab4240ac0e44ec175e4038e666f0c132b6f
SSDEEP

6144:JPCganNlPCaxFExssRVNJRImf5K91o2JxS/EGXCRWoGDn8gBfjv1haN3YqC8hA:HanLvxFE2stJ6mxKo2JxmuAn8gxv1s5o

Score

10^/10

Malware Config

Extracted

Family

lokibot

http://remzclot.ga/etc/main/l09/harl/mode.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  89c5e2ae2648672d61b4fa36e5957e55_JaffaCakes118
- Size
  
  308KB
- MD5
  
  89c5e2ae2648672d61b4fa36e5957e55
- SHA1
  
  1f86886ae34f934ad3529bb29541999b3731fd82
- SHA256
  
  e6af8c20aa307a53eb603f3e0d8858cff02f49495c9b51ce410cc841581283d4
- SHA512
  
  eea49c866e687f17f276d9ab21fedbd27582128e76fdabca2338717fd18cc5e3d3a8dc13797b53b7a76f99334df4fab4240ac0e44ec175e4038e666f0c132b6f
- SSDEEP
  
  6144:JPCganNlPCaxFExssRVNJRImf5K91o2JxS/EGXCRWoGDn8gBfjv1haN3YqC8hA:HanLvxFE2stJ6mxKo2JxmuAn8gxv1s5o
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  $APPDATA/scriptlibrary/39.opends60.dll
- Size
  
  46B
- MD5
  
  d7cdf6f5f061d313ef2aabdd84fa89c0
- SHA1
  
  9bf71a5803e670b4811416d2d412dc965164583e
- SHA256
  
  ec5c0007401f1caa74892f1937494453139a00191cdbc6b5db6b26cc9fd651d1
- SHA512
  
  274357e0265d3f5707c977f99be19a83e9b044faf481a7f3075c0da25b08e586ea17813c21b397a934deecf2f757cbb48a461fcb84cde9f1f511c5d5a21478ff
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/scriptlibrary/MCppCodeDomProvider.dll
- Size
  
  48KB
- MD5
  
  dea1dfbd72e2534ed39c737bfbfcd82d
- SHA1
  
  72ea9b3a4017d0c37d0f5b20e02008ffbc88b79d
- SHA256
  
  d828cda4a89557b24cc2a492cb3f6b09ec69c3ea00d36f5024b58942db9d76ea
- SHA512
  
  254c575fa45b90d58111336600b1df25b33ac246c75b4edf4abc7500e118a66a78a26871af046bcb080fc31e82181a4599e8ff4761cf560fdec7c1c7649ebe16
- SSDEEP
  
  768:ejSqkAVXYRXpXfkPcPMdFwBKmq5aYFRJevf:BqkAKfkkPMdmBKm2aygn
Score

1^/10
behavioral5 behavioral6
- Target
  
  $APPDATA/scriptlibrary/autolaytui.dll
- Size
  
  6KB
- MD5
  
  1afcdd3beb62da7b5b695fc0666d26ec
- SHA1
  
  271c9c73e25b66fac894ad77af57a12b4fb80602
- SHA256
  
  c9b43f966e47ce35d13d0d78af049a2382b3c0a58f4e44306123e805f9d0df83
- SHA512
  
  d11c904ca069a27f12c2908b1625171fa583f9ed17c1efccd52aaed1c8591fb2377137915c56d09e331071c6a79c98f8f6baceab1dc97fa0f96c5f6360be812a
- SSDEEP
  
  96:9gTwNo4ON4YwU7ftsj0Y8nA5K49EWbkzQWPVnPV:9gGBIZUmWgzQWNd
Score

1^/10
behavioral7 behavioral8
- Target
  
  $APPDATA/stow/gutils.dll
- Size
  
  41KB
- MD5
  
  657d1d110e247fec5b6653f69c562e9a
- SHA1
  
  ab92a9a74c55c5e5d05f1f3dde518371dda76548
- SHA256
  
  9a77a59e040e99459d1ab2be8c5721b0c61aa608abb81c24e7b355f1c2f49176
- SHA512
  
  1faaa0140ed68a335e9c6067767dd8514c635e5a222e611c52e2fa1fd66d39263f4a928bf71843b8bc0a0355ca008408af5f9cf67e82e96c139ce291871074a4
- SSDEEP
  
  768:qlcsy/f7ZAVLfhvKsUNfK74vGHpXwIxYD7LCKD0k7u1WZ7gxU9:ay/TZULfhyHE744wIxy10kSO7H9
Score

1^/10
behavioral10 behavioral9
- Target
  
  $APPDATA/with/count/ConmanClient2.exe
- Size
  
  48KB
- MD5
  
  91dc7b85d80a43fd42a0ce82e077f8b8
- SHA1
  
  a1c00dc46465141a48f180c9dfc49e9af925e248
- SHA256
  
  42a36dab0912246c14d677b5baa3cd0e384acf645fc51db39aac04f2ab1bb760
- SHA512
  
  73f73d73b9b370cbaa606b5b4fc16bdee9780a4afa773aed6aa1a368ad4681493c9b83e8bdc69b4a01f311f171d1e5b3545ac7bfd3577d434668023c08539dfc
- SSDEEP
  
  768:1K9IyEL30E1DYXw0kYCmp0K4ZJg0cDDzssseYp24/JFcZ1GgAsEr:XFHYF6K4ZJg0aXssJYpDhFcZ1KsEr
Score

1^/10
behavioral11 behavioral12
- Target
  
  $APPDATA/with/count/MicrosoftWindowsCEForms.dll
- Size
  
  19KB
- MD5
  
  d818d217b0a8055ae995e94a6caa9db3
- SHA1
  
  f8d9307e9ce7803f48a37778e935ba114a492b12
- SHA256
  
  cbba64117b44e28ba4d05f74d4b11b9770922dfaf50d46316227c5012913068d
- SHA512
  
  55b907a136563dcfbe85ef38c1599f76f6b77c7bdd9ef52d708f5fa783bb5ad1c5a01138473e835efca10abb733ae6a03532ca2ec7414e7edc4caaca95fd8b03
- SSDEEP
  
  384:IX/u/+j0QSjE1tmD6NQq36jWa7NEhN3JkWXjYWSYLCcM36mn9:Cj0rg7Q6NYYL3u6Y9
Score

1^/10
behavioral13 behavioral14
- Target
  
  $TEMP/TenrecSaggar.dll
- Size
  
  43KB
- MD5
  
  edb845779d91dcc37810eec0f029dfd3
- SHA1
  
  8ed5905bf015d0f7508b2af8b6be79a368aceada
- SHA256
  
  785275c1afb2a166f159c391a21afe5d82c30cc479a7837c28abb89adff67b87
- SHA512
  
  829b227037b4e3be5811b396ebaf7dbffb1ada24d955025d96f81a61d774c400b6c3997133f72cb1a601a7de60033baef344333bc8cd8749628eac4d206f2016
- SSDEEP
  
  768:JT0LUpldyjKuOexoIhIOGnTEDVBP3vydFd1sbUKV:JSCyhSgY4BidFiV
Score

10^/10

lokibot spyware stealer trojan collection
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral15 behavioral16
- Target
  
  $TEMP/crm/IEExecRemote.dll
- Size
  
  8KB
- MD5
  
  0d5fe1c95afe423b214f13e856d0f1a5
- SHA1
  
  539727bee5ba21bbf8591a4927807a7a42d9161d
- SHA256
  
  46862e0cd12555ac96a76ce1ffca06d6ef250b709e09e5c8441793d4c04e5a38
- SHA512
  
  d578184f1f37bca0cbbd893984b1159c4d541b290f7a1339759b9cd870f450edda76807e853fc6bd8da91d6186dd07ad05012218cfcb910cdae07f4180e442ba
- SSDEEP
  
  192:azEJySPTVhqQwRGC19x4VIJI13WyNNtrW/:NJySBk9RfNxJI13WyvtrW
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/crm/StoreAdm.exe
- Size
  
  19KB
- MD5
  
  a9c6d50aed840dc5ecb9456efb6c4205
- SHA1
  
  b85b0392743c4f0d9f94a872247a7556770757dd
- SHA256
  
  fc764006b963e0c0a0e15cdc273a4491bca5e5fb2045bbbd3c79538bc0bb695f
- SHA512
  
  ed9d46486358ef3cd637317a5a107b89ce42556c91fe07e27e37386f8b13c7ef0a80798436fb63175cd00d02635ac894fa16ba99e5faf9cd34757f3d5f712da8
- SSDEEP
  
  384:5rZgYkNCU+htQdugbMHFu+Eg6ihJSxUCR1rgCPKabK2t0X5P7DZ+kgpWDa9rW:5rZgYkNCU+hMuQMH45FRJCg1
Score

1^/10
behavioral19 behavioral20
- Target
  
  $TEMP/redesign/pbo/ProjWizUI.dll
- Size
  
  3KB
- MD5
  
  311aa10ab1c6fe05e80463232e10efa0
- SHA1
  
  19ca5bb1a25514fb7d93aabb7fe7af88ea4961d0
- SHA256
  
  9ea6362959d9aaf043928ff088084998b13ccc7eb06b9c650b5dd2cc0a2a5bd2
- SHA512
  
  1ac12b778fb851cc38fda1754fd4ca3f073641614042035d1c8f8ceffd9adeeb7c4faf588beb9d3b1faa1f6782f2564435d8360655343f131b6f2bbe4171e1de
Score

1^/10
behavioral21 behavioral22

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Lokibot

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22