lokibot | a2c210bc0a93a0020d9ab7d164dd21ca83132f4698454007c5ba1537783f5f05 | Triage

Sharing

General

Target

503f99cca712608310319d80101d7d42_JaffaCakes118
Size

348KB
Sample

240729-s7x2qavhkk
MD5

503f99cca712608310319d80101d7d42
SHA1

bd025c863be3d3e34f2acbb02a94d0740b67d90f
SHA256

a2c210bc0a93a0020d9ab7d164dd21ca83132f4698454007c5ba1537783f5f05
SHA512

2529dc92043319776358c87ac24398c989a8c11a583aab5cb30a6e84f9cd64a25f311cc7249030a4079c97eaebd48c9550377fbd530f715a2240cb45e0197056
SSDEEP

6144:Wm+swf8i6uLmHR4j/sFAmSCAHZ8KR3V2FtZE8UDos2H2+R6zP:WJP6uqsmiZ8KRlSqDofNRO

Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://chosunshippinq.com/three/gates2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  GN-900039357.exe
- Size
  
  573KB
- MD5
  
  fdfb899944740761e25ab0c7b54227e0
- SHA1
  
  147654218b63ccd709a0fcb3805a4be9aa5d2cc4
- SHA256
  
  da78f6a531278849874d557e292f38d3c4db08c9bf4d2d5b4eebf0709342edea
- SHA512
  
  7f31fd7936492ff18f50917e19bf2449994a0ad7515fe2035a7e9207ac3dd98cd6d25e2e82303191f9b161d2543b3f9c796e50da1a505c9c18e9656dd1d917f9
- SSDEEP
  
  12288:Insaz6hrdmMrkr8w8ha0PBJ8FSocI87mNsOe9runEx5:isCEzkiwOMFSxNaeOe5rx5
Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

behavioral2

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan