lokibot

Sharing

Copy URL

Twitter E-mail

General

Target

9ebd85210f51d18862b5d197e73309f0_JaffaCakes118
Size

306KB
Sample

240611-thzppatalj
MD5

9ebd85210f51d18862b5d197e73309f0
SHA1

d2c5cd6181532dbb278a13af5b563feb41fb9fe0
SHA256

b1a522cf1688c79e5148c41caa7ebf9c71f9cb0a87e3d2c3acd4a0e5f9c22705
SHA512

6bef4c9c01c706bcf24abb06dfd60929319018374e4e991382df492c206d03d5562a3faa7219c403d0866d227a9bc83f10dffd8b055609127e8833cb68d4d1e0
SSDEEP

6144:JPCganNRhnecKgH4G/ptftDbNZRcZEpK28TqGH+MnY47Z9toVk:Hanjh//XNNZ2ZeqH+8H19to2

Score

10^/10

Malware Config

Extracted

Family

lokibot

http://remzclot.ga/etc/main/l09/ap0s/home.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  9ebd85210f51d18862b5d197e73309f0_JaffaCakes118
- Size
  
  306KB
- MD5
  
  9ebd85210f51d18862b5d197e73309f0
- SHA1
  
  d2c5cd6181532dbb278a13af5b563feb41fb9fe0
- SHA256
  
  b1a522cf1688c79e5148c41caa7ebf9c71f9cb0a87e3d2c3acd4a0e5f9c22705
- SHA512
  
  6bef4c9c01c706bcf24abb06dfd60929319018374e4e991382df492c206d03d5562a3faa7219c403d0866d227a9bc83f10dffd8b055609127e8833cb68d4d1e0
- SSDEEP
  
  6144:JPCganNRhnecKgH4G/ptftDbNZRcZEpK28TqGH+MnY47Z9toVk:Hanjh//XNNZ2ZeqH+8H19to2
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2
- Target
  
  $APPDATA/yonetici/agent/ht/ZipExeStub.exe
- Size
  
  26KB
- MD5
  
  69aa866258d8c730bf1feffeabe57fa5
- SHA1
  
  b4a895c279b6900e60cb5e90cdd5a6e9b79828af
- SHA256
  
  0e1d1b6545d1162c755e0b22c97dfd337dfc64fb8791704a93c84d448b44511f
- SHA512
  
  faf62cd96aacf1a94d4e893e4ecad9f494ecc61f548f0b955f3f47405696c6b1ccaac4a3b57dd9a56cbf0db81b64a36c55fce31a983a26be5a66d41c9b1ed5a1
- SSDEEP
  
  384:BsJQbkxQ7ECMcxIHe7g6ihJSxUCR1rgCPKabK2t0X5P7DZ+uelWLwWfLCcMe/oTC:BsJQb9Mcxqe7FRJBOtL3d/o+
Score

1^/10
behavioral3 behavioral4
- Target
  
  $APPDATA/yonetici/agent/ht/vcdeployui.dll
- Size
  
  10KB
- MD5
  
  86e8573da0da08bc5801eeb05722b900
- SHA1
  
  9df15367a068e8f16bea5b098c1bc5ab0fe8f816
- SHA256
  
  116d2a7b1c04779dc774f9012dff83f01cc4905bfce0e745c1e6f1b469b445a2
- SHA512
  
  bcb449de7aac0e68802868948344f57d7113eb16209ac8d2b5fd68f387c21998748763e34bc15cfb2ea3d9b09df4379eeac9b7651064a633d09d2ae6befaa724
- SSDEEP
  
  96:yOKkWxHSIWPpJG4yQMsn+WT74+olgDS8zlzcWmzIBTCT5o4nzkInvzUiPjP7TPmP:hWxyIWRIx+4+Yu7RS/I1vIQG
Score

1^/10
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/BgImage.dll
- Size
  
  7KB
- MD5
  
  1f56d9c34643cc8033ec8e628df11cfb
- SHA1
  
  1231b571a298c16a1f618799fc7d20b72ccb2747
- SHA256
  
  c1593d641b89c8cf294ce4efeaea5d0a69b095f04947ecdabbef73d3225d3480
- SHA512
  
  a0c80e6f5c4aa6f34b601951033b709944d3522a6faefad11d9d8f1b4398d379d4e5618029c8134204f344e8a71bfff4e19c2d6693f2119ffd05e67dd9148d24
- SSDEEP
  
  96:8eU0AKTIfv7QCUsthvNL85s4lk38Eb3CDfvEh8uLzqkfnLiEQjJ3KxkP:tGBfjbUA/85q3wEh8uLm2LpmP
Score

1^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  0063d48afe5a0cdc02833145667b6641
- SHA1
  
  e7eb614805d183ecb1127c62decb1a6be1b4f7a8
- SHA256
  
  ac9dfe3b35ea4b8932536ed7406c29a432976b685cc5322f94ef93df920fede7
- SHA512
  
  71cbbcaeb345e09306e368717ea0503fe8df485be2e95200febc61bcd8ba74fb4211cd263c232f148c0123f6c6f2e3fd4ea20bdecc4070f5208c35c6920240f0
- SSDEEP
  
  192:qPtkiQJr7V9r3HcU17S8g1w5xzWxy6j2V7i77blbTc4U:F7VpNo8gmOyRsVc4
Score

3^/10
behavioral10 behavioral9
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  6e64e5d5f9498058a300b26b8741d9d5
- SHA1
  
  837ce28e5e02788da63a7f1d8f20207d2b0bf523
- SHA256
  
  8d4b1c275fd1cd0782a265080b56d1aec8d1c93edca5ef3b050d1d20d7b61f33
- SHA512
  
  f53514d36021d79f85df2494d403f03589b3ad848889b9224f962cc932ef740f127131a914c7171ad8136ca1ef631285ea1c80576db18ccf8ea56940eb00ea1e
- SSDEEP
  
  96:oWW4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4P8qndYv0PLE:oWp3ggQF8REskpx8dO0PLE
Score

3^/10
behavioral11 behavioral12
- Target
  
  $PLUGINSDIR/nsExec.dll
- Size
  
  6KB
- MD5
  
  293165db1e46070410b4209519e67494
- SHA1
  
  777b96a4f74b6c34d43a4e7c7e656757d1c97f01
- SHA256
  
  49b7477db8dd22f8cf2d41ee2d79ce57797f02e8c7b9e799951a6c710384349a
- SHA512
  
  97012139f2da5868fe8731c0b0bcb3cfda29ed10c2e6e2336b504480c9cd9fb8f4728cca23f1e0bd577d75daa542e59f94d1d341f4e8aaeebc7134bf61288c19
- SSDEEP
  
  96:4BNbUVOFvfcxEAxxxJzxLp+eELeoMEskzYzeHd0+uoyVeNSsX4:EUVOFvf9ABJFHE+FkEad0PLVeN
Score

3^/10
behavioral13 behavioral14
- Target
  
  $TEMP/go/25.opends60.dll
- Size
  
  44B
- MD5
  
  09537416318f379396bddbc18046de39
- SHA1
  
  dc6111549ff49afa587425603cc0c545b034b988
- SHA256
  
  b407fe7ddcc7303ef167873a6498e8ebd771e9b4b432ad0a458a029574ca6afd
- SHA512
  
  20b9ab08d3e940d687404436e2d6c8b4c1a9121987382c6253d7d93fc2b556fb8780742af08d8b73e4d50ea9b23d2e62298669650df60ed38e6f23c5c0155619
Score

1^/10
behavioral15 behavioral16
- Target
  
  $TEMP/go/35.opends60.dll
- Size
  
  57B
- MD5
  
  b330e04d27f2b76246c9401bb9df8405
- SHA1
  
  fea5928cf1704d14ee717bb703c65aedfb194751
- SHA256
  
  99e399e564c46308a2ec22a427f5338433a820c09ff559c8f6488be9199ed1ad
- SHA512
  
  b07555fa3fb5e11e91583c28922f5a59f09e0cc8244b3bc5e62cfc231cd4a4da080f0653d404ca9a8ab332f61e393ed17235858e84dca0578f8ae51e9b5f30a9
Score

1^/10
behavioral17 behavioral18
- Target
  
  $TEMP/go/pidgen.dll
- Size
  
  39KB
- MD5
  
  d6daa21229600584d00093df481c921f
- SHA1
  
  a0848216ed5ddf3945938de79c746ce7424c30aa
- SHA256
  
  888f6c10d62ba7470fb457f054769e24a35edb86a3144214113b5a6472b0332f
- SHA512
  
  d0cd6370ee5bb8daad4f07a63bb16554a723ee0959bff447b0b67c41bb3f32404d1ba2eb219679498a55ea63204584f5c2fb2ae466c3d0654fa0e118069b06fa
- SSDEEP
  
  768:WGDpZQyMVVIDR4fUB+9RtYknN5EQmlCHhrBPsx1H9xllMGCacV:WGDn4KDOMET97ax1rcV
Score

3^/10
behavioral19 behavioral20

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Loads dropped DLL

Reads user/profile data of web browsers

Accesses Microsoft Outlook profiles

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20