lokibot | 7874cf4190f58638d9950fe8d450ac98a03dd4bac70bcc43edc4ab3f482a6765 | Triage

Sharing

General

Target

7874cf4190f58638d9950fe8d450ac98a03dd4bac70bcc43edc4ab3f482a6765.rtf
Size

162KB
Sample

240702-bz74aa1gqe
MD5

418c12bd742fe4bc4cf4849870bfc01c
SHA1

e0dde1237e149662e691ea7fba799f3d0d3aff1d
SHA256

7874cf4190f58638d9950fe8d450ac98a03dd4bac70bcc43edc4ab3f482a6765
SHA512

a7986e1c240ad2cd60a74aa78f8e692fb06a8ba4d2a1f94427794230ea1a126e806ee72d190920b90dd5542d984f22f9aae80aff9add3f73669bbc5f565ef362
SSDEEP

3072:8gGZmQDSgQn8/gOUuKdw9KDETVTwiPswb1K1BP1SqLj:8gGZmMSgQnpTZW9KDETVThb1yBPsq3

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://dashboardproducts.info/bally/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  7874cf4190f58638d9950fe8d450ac98a03dd4bac70bcc43edc4ab3f482a6765.rtf
- Size
  
  162KB
- MD5
  
  418c12bd742fe4bc4cf4849870bfc01c
- SHA1
  
  e0dde1237e149662e691ea7fba799f3d0d3aff1d
- SHA256
  
  7874cf4190f58638d9950fe8d450ac98a03dd4bac70bcc43edc4ab3f482a6765
- SHA512
  
  a7986e1c240ad2cd60a74aa78f8e692fb06a8ba4d2a1f94427794230ea1a126e806ee72d190920b90dd5542d984f22f9aae80aff9add3f73669bbc5f565ef362
- SSDEEP
  
  3072:8gGZmQDSgQn8/gOUuKdw9KDETVTwiPswb1K1BP1SqLj:8gGZmMSgQnpTZW9KDETVThb1yBPsq3
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Blocklisted process makes network request
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Exploitation for Client Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2