lokibot

General

Target

060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
Size

762KB
Sample

240607-bdjhsseg9v
MD5

0f49bb0c2a604fa78ec0bd36b0a7f364
SHA1

5753b5b6e57c521670d901f441f8e2c65292542e
SHA256

060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83
SHA512

0e4e689afdd64e160293ad7d3e26871e20bb53b65e5c3276ba52b325ea9e616019bfda1e0c9fa6342beeb4fe6896ff4b44be4ca8a2c26acc7ca7b0bb2fc95180
SSDEEP

12288:M3qyJMrv295xzbgiPZ1xRllixBcyFDBdH7X+yz3dP7r9r/+ppppppppppppppppF:M6OmvzAUDBt7XvLd1q

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://164.90.149.46/index.php/check.php?s=1

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83.exe
- Size
  
  762KB
- MD5
  
  0f49bb0c2a604fa78ec0bd36b0a7f364
- SHA1
  
  5753b5b6e57c521670d901f441f8e2c65292542e
- SHA256
  
  060ad64d6e63aedbc2250c784d91852e3c2e113aca058565c8988d1930220a83
- SHA512
  
  0e4e689afdd64e160293ad7d3e26871e20bb53b65e5c3276ba52b325ea9e616019bfda1e0c9fa6342beeb4fe6896ff4b44be4ca8a2c26acc7ca7b0bb2fc95180
- SSDEEP
  
  12288:M3qyJMrv295xzbgiPZ1xRllixBcyFDBdH7X+yz3dP7r9r/+ppppppppppppppppF:M6OmvzAUDBt7XvLd1q
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables containing common artifacts observed in infostealers

Detects executables referencing many file transfer clients. Observed in information stealers

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2