lokibot | 2947048e9ba8decf638035851c0f576cbf82afc5463d6610eee64bd34f53f4e1 | Triage

Submit
Reports

Overview

overview

Static

static

5

9427ac98d8...18.exe

windows7-x64

9427ac98d8...18.exe

windows10-2004-x64

Sharing

General

Target

9427ac98d81e3c299a1708d84e3ba54e_JaffaCakes118
Size

1.1MB
Sample

240604-kbr7laag6w
MD5

9427ac98d81e3c299a1708d84e3ba54e
SHA1

ca254d31bb2ef6e24ba38457040fd8b29f95e61c
SHA256

2947048e9ba8decf638035851c0f576cbf82afc5463d6610eee64bd34f53f4e1
SHA512

db6e1893d3e065bc05c952ae0069a3e65f1108148f41e040afa79c7b1e8fd855ad0c06016c71ccbf87c8a183d87e11e7e13a733e3ffabf4cd4e66e646098ca7e
SSDEEP

24576:Cu6Jx3O0c+JY5UZ+XC0kGso/WatVVpM8ilDWY:kI0c++OCvkGsUWatfY

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

2 signatures

Behavioral task

behavioral1

Sample

9427ac98d81e3c299a1708d84e3ba54e_JaffaCakes118.exe

Resource

win7-20240221-en

lokibot collection spyware stealer trojan

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

9427ac98d81e3c299a1708d84e3ba54e_JaffaCakes118.exe

Resource

win10v2004-20240426-en

lokibot collection spyware stealer trojan

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://nvent.icu/Versace/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  9427ac98d81e3c299a1708d84e3ba54e_JaffaCakes118
- Size
  
  1.1MB
- MD5
  
  9427ac98d81e3c299a1708d84e3ba54e
- SHA1
  
  ca254d31bb2ef6e24ba38457040fd8b29f95e61c
- SHA256
  
  2947048e9ba8decf638035851c0f576cbf82afc5463d6610eee64bd34f53f4e1
- SHA512
  
  db6e1893d3e065bc05c952ae0069a3e65f1108148f41e040afa79c7b1e8fd855ad0c06016c71ccbf87c8a183d87e11e7e13a733e3ffabf4cd4e66e646098ca7e
- SSDEEP
  
  24576:Cu6Jx3O0c+JY5UZ+XC0kGso/WatVVpM8ilDWY:kI0c++OCvkGsUWatfY
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2025

Terms | Privacy