lokibot | 87699d5e90addbea8c647b5b735499b289f6d0570aad9ef1f71804aeb7f9499f | Triage

Sharing

General

Target

ad1b5a7e20fe6f100d74ccfaf1201aa0_JaffaCakes118
Size

492KB
Sample

240615-gt1pxavank
MD5

ad1b5a7e20fe6f100d74ccfaf1201aa0
SHA1

9442a8c6f6692a2e08fb99072f13eeaa1ba85525
SHA256

87699d5e90addbea8c647b5b735499b289f6d0570aad9ef1f71804aeb7f9499f
SHA512

037e5be27090afbee4f8ed4185d0c0f56f78d0ca912d8fea3d98466575836e1e0d0aebe333a7a5f15390763542e0cf9177e11c75ad2c94c7969a344b5334bd37
SSDEEP

6144:29YLEZjB5DHX0hE96SKEDQBikAmNYQ8yfrnGsZtKMfp5Nm0G2bHRMvFEK2Xh3FjX:29YLDhmfQFNY9ipLzboG/r

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://kasongogold.com/sertyui890/kertyuiyt/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  ad1b5a7e20fe6f100d74ccfaf1201aa0_JaffaCakes118
- Size
  
  492KB
- MD5
  
  ad1b5a7e20fe6f100d74ccfaf1201aa0
- SHA1
  
  9442a8c6f6692a2e08fb99072f13eeaa1ba85525
- SHA256
  
  87699d5e90addbea8c647b5b735499b289f6d0570aad9ef1f71804aeb7f9499f
- SHA512
  
  037e5be27090afbee4f8ed4185d0c0f56f78d0ca912d8fea3d98466575836e1e0d0aebe333a7a5f15390763542e0cf9177e11c75ad2c94c7969a344b5334bd37
- SSDEEP
  
  6144:29YLEZjB5DHX0hE96SKEDQBikAmNYQ8yfrnGsZtKMfp5Nm0G2bHRMvFEK2Xh3FjX:29YLDhmfQFNY9ipLzboG/r
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan