lokibot | d7f7307959ddb91c1e4bdfa37f109b09b9001394aa2f451ecd1e76e2821fb65a | Triage

Sharing

General

Target

39ad533137233b516d35822ac77f4433_JaffaCakes118
Size

911KB
Sample

240711-srsr3ascln
MD5

39ad533137233b516d35822ac77f4433
SHA1

0b094799be3c61e80435ab9f0febd9df31807974
SHA256

d7f7307959ddb91c1e4bdfa37f109b09b9001394aa2f451ecd1e76e2821fb65a
SHA512

b6eb3bbec922c4fbe2be7a4ce7683631143d8395d710f03103892932cee7eb0e6fd391f65e8b13656f5903b04c3adf265dc113adacf40ef2ef351106ee60e8f5
SSDEEP

12288:yzBCDMWinpSibvwTyO/Gan7Mfidd+96bfiWT+XTtAFIfpjzMAFIZJ5UOFE+hEi/S:UoDtib4TyHanzdA9

Score

10^/10

lokibot collection spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://79.124.8.6/plesk-site-preview/bosungind-kr.co/https/79.124.8.6/garuba/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  39ad533137233b516d35822ac77f4433_JaffaCakes118
- Size
  
  911KB
- MD5
  
  39ad533137233b516d35822ac77f4433
- SHA1
  
  0b094799be3c61e80435ab9f0febd9df31807974
- SHA256
  
  d7f7307959ddb91c1e4bdfa37f109b09b9001394aa2f451ecd1e76e2821fb65a
- SHA512
  
  b6eb3bbec922c4fbe2be7a4ce7683631143d8395d710f03103892932cee7eb0e6fd391f65e8b13656f5903b04c3adf265dc113adacf40ef2ef351106ee60e8f5
- SSDEEP
  
  12288:yzBCDMWinpSibvwTyO/Gan7Mfidd+96bfiWT+XTtAFIfpjzMAFIZJ5UOFE+hEi/S:UoDtib4TyHanzdA9
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan