lokibot | ba1d2ea38dfc9307dc992f49729c2a3382913321e67d2c949dcaab135a2b3f1a | Triage

Sharing

General

Target

8ce7a22af5b826b1d7bc171df1306b9b_JaffaCakes118
Size

356KB
Sample

240602-e8h3asbg68
MD5

8ce7a22af5b826b1d7bc171df1306b9b
SHA1

7db081b5279181f067d43ab4b17effd58b8399b2
SHA256

ba1d2ea38dfc9307dc992f49729c2a3382913321e67d2c949dcaab135a2b3f1a
SHA512

7e31a8df28f1cf8e9b494c88167dfcae89d2cc584cf96944d07d11b58b8f909b3adbbbc2791712624a2896da04d62a699378608e658bf4cec5960ed977ebbb3e
SSDEEP

6144:2vvqII9dufWAUlL/Kc0XqzX2NfDiHJmN0Xm2UjPYCzO:2aII9dBSRXqw3yXm2U8

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://tkanilux.com.ua/y0/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  8ce7a22af5b826b1d7bc171df1306b9b_JaffaCakes118
- Size
  
  356KB
- MD5
  
  8ce7a22af5b826b1d7bc171df1306b9b
- SHA1
  
  7db081b5279181f067d43ab4b17effd58b8399b2
- SHA256
  
  ba1d2ea38dfc9307dc992f49729c2a3382913321e67d2c949dcaab135a2b3f1a
- SHA512
  
  7e31a8df28f1cf8e9b494c88167dfcae89d2cc584cf96944d07d11b58b8f909b3adbbbc2791712624a2896da04d62a699378608e658bf4cec5960ed977ebbb3e
- SSDEEP
  
  6144:2vvqII9dufWAUlL/Kc0XqzX2NfDiHJmN0Xm2UjPYCzO:2aII9dBSRXqw3yXm2U8
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan