lokibot

General

Target

2024-06-13_6d20693d0cae3cb145a010abb1b07f7d_megazord
Size

3.0MB
Sample

240613-mkt4navdrf
MD5

6d20693d0cae3cb145a010abb1b07f7d
SHA1

17c40f1f006846f2e8b99cb822a9b3f261103be9
SHA256

97b2adff8b4be8067926c36e5429d64e2ebcfbf37dbc1fd2c5879bfec11b98fe
SHA512

bb7a05bd8d6847a7b5b92bef0fcc7aff2a21103666bdce098093cd9e4a45f649feb60e412e0a9fbb2d80b7b2e7f197aabca8af61207bd994ba51d014eabaeca7
SSDEEP

49152:m8yJAk206NICMq5pzKRgqVzKjqgF931wmz:hBsZq

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://45.61.136.239/index.php/9460648709801952970

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  2024-06-13_6d20693d0cae3cb145a010abb1b07f7d_megazord
- Size
  
  3.0MB
- MD5
  
  6d20693d0cae3cb145a010abb1b07f7d
- SHA1
  
  17c40f1f006846f2e8b99cb822a9b3f261103be9
- SHA256
  
  97b2adff8b4be8067926c36e5429d64e2ebcfbf37dbc1fd2c5879bfec11b98fe
- SHA512
  
  bb7a05bd8d6847a7b5b92bef0fcc7aff2a21103666bdce098093cd9e4a45f649feb60e412e0a9fbb2d80b7b2e7f197aabca8af61207bd994ba51d014eabaeca7
- SSDEEP
  
  49152:m8yJAk206NICMq5pzKRgqVzKjqgF931wmz:hBsZq
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.
- Detects executables containing common artifacts observed in infostealers
- Detects executables referencing many file transfer clients. Observed in information stealers
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Detects binaries (Windows and macOS) referencing many web browsers. Observed in information stealers.

Detects executables containing common artifacts observed in infostealers

Detects executables referencing many file transfer clients. Observed in information stealers

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2