lokibot | abad517ef7bafa4790c37c09c307897084de0d2f402a1866adaf076af7a92d85 | Triage

Sharing

General

Target

8b57c3cfa806a5963d588bf10a1cfc7f_JaffaCakes118
Size

479KB
Sample

240601-wyytfabe77
MD5

8b57c3cfa806a5963d588bf10a1cfc7f
SHA1

a9432c85bdd37952fd64bc576a4ca79b799164f3
SHA256

abad517ef7bafa4790c37c09c307897084de0d2f402a1866adaf076af7a92d85
SHA512

c2bde5c0baac36e8bd7b4eecd77a7e82da39a9acbfc7d3a38b13c4365188cf96e73637481d36fdc50a4ded6f81ad571acbb36cf8d434d9af5b495c000bae09ef
SSDEEP

6144:SZ3KJKtzmzgtU9BqzLqgmh0r4snkikveKGwW:SJ5lltjqikmLZ

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://31.220.1.98/isueyw/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  8b57c3cfa806a5963d588bf10a1cfc7f_JaffaCakes118
- Size
  
  479KB
- MD5
  
  8b57c3cfa806a5963d588bf10a1cfc7f
- SHA1
  
  a9432c85bdd37952fd64bc576a4ca79b799164f3
- SHA256
  
  abad517ef7bafa4790c37c09c307897084de0d2f402a1866adaf076af7a92d85
- SHA512
  
  c2bde5c0baac36e8bd7b4eecd77a7e82da39a9acbfc7d3a38b13c4365188cf96e73637481d36fdc50a4ded6f81ad571acbb36cf8d434d9af5b495c000bae09ef
- SSDEEP
  
  6144:SZ3KJKtzmzgtU9BqzLqgmh0r4snkikveKGwW:SJ5lltjqikmLZ
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan