lokibot

General

Target

310cb005c21c57556ce727e947b156d61715adea6d73c342902c8620f287643d.exe
Size

971KB
Sample

240606-bkpy6aed22
MD5

b511b0274759a20e0e3ef09e8a8e7717
SHA1

60ef9a156c1e4845367a4ef2d9363ff1f0ae2636
SHA256

310cb005c21c57556ce727e947b156d61715adea6d73c342902c8620f287643d
SHA512

849350c66ea07b808d2d6c36f4a9ff05009d8601e6d55e92e3c289211ca14a0902d815ba844977d234ddd446ec719498f05921b106aa202061176ac616fdb61b
SSDEEP

12288:ytb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgacTnH/ujAWYaEN6A:ytb20pkaCqT5TBWgNQ7asnH/+YjN6A

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://giampaolidolciaria.cfd/DV2/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  310cb005c21c57556ce727e947b156d61715adea6d73c342902c8620f287643d.exe
- Size
  
  971KB
- MD5
  
  b511b0274759a20e0e3ef09e8a8e7717
- SHA1
  
  60ef9a156c1e4845367a4ef2d9363ff1f0ae2636
- SHA256
  
  310cb005c21c57556ce727e947b156d61715adea6d73c342902c8620f287643d
- SHA512
  
  849350c66ea07b808d2d6c36f4a9ff05009d8601e6d55e92e3c289211ca14a0902d815ba844977d234ddd446ec719498f05921b106aa202061176ac616fdb61b
- SSDEEP
  
  12288:ytb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgacTnH/ujAWYaEN6A:ytb20pkaCqT5TBWgNQ7asnH/+YjN6A
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables containing common artifacts observed in infostealers

Detects executables referencing many file transfer clients. Observed in information stealers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2