lokibot | 61389968a67ea866267a4c20d0abf98ffe41214dccd307c839db9d6c99f779f6 | Triage

Sharing

General

Target

6b5d2929f15ebaaa27a696a4aa1d85ec_JaffaCakes118
Size

449KB
Sample

240724-m38prsshkr
MD5

6b5d2929f15ebaaa27a696a4aa1d85ec
SHA1

db226d7906f601f8ac572638f4e3e99b386588c4
SHA256

61389968a67ea866267a4c20d0abf98ffe41214dccd307c839db9d6c99f779f6
SHA512

c157e49f42c024e964a0839bfd0dedffe7bac322970e1f57a473fd230d376bae3e0085e9b417f6d30d002690a76666901df01028cfb622d69ce3262056c02b3d
SSDEEP

6144:nX6nyoxQ820zUxQG2S5zZhnAkulV5VUW//An3qgCyUFL4wPgdc5gOQ71xmIrj:X6y02oU6JzzyW//An3tgBPqc2Rxmy

Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/7gEWZ4upg1lkl

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Shipping Details_PDF.exe
- Size
  
  506KB
- MD5
  
  87f2e974ce1409d31ff4357ca83cdc51
- SHA1
  
  896d62c4d3c728d11c2122ede992a3359840b85e
- SHA256
  
  1b729638fb6cebf16ff6dc59c6144123367649b1ae68b50404a20678d6344287
- SHA512
  
  7a91f4f38bac4ebe588d90d365d8afc6f295c1871e27d47f2cf1525871e5cc57fc186b397212cce59044597b8d44a5ab4b643c07bc281e5597f03063e6a09196
- SSDEEP
  
  12288:9pssEBBt2kF+ABZ2EQcFi4Ts7pbFy9mGU2kwD:sHS2ZvFHsfmmXwD
Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

behavioral2

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan