lokibot | 38ab1533c224b90043299dc9b2a42bf456d0521de6d89a8eeb44336771943c3f | Triage

Sharing

General

Target

38ab1533c224b90043299dc9b2a42bf456d0521de6d89a8eeb44336771943c3f.exe
Size

995KB
Sample

240730-bvcrksvglc
MD5

cfe05392605f333a1ed9abc7fe992635
SHA1

60e56713191a5ff83cc905debd5a76c80fcd77de
SHA256

38ab1533c224b90043299dc9b2a42bf456d0521de6d89a8eeb44336771943c3f
SHA512

7b0e1ba85bbea3ed3e8dc46f265c8b517bec6639e1777e2ebde4e6b336cb547a45c3e01b093d73714df253f45aab7d1635ac213a2bd1f14f70f37fa94e1de96e
SSDEEP

12288:rmeFmKg5mPN3ohe4/35ww17fsur4o23ZY19Uc:uJhXyaUy4og4Kc

Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://serak.top/ugopounds/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  38ab1533c224b90043299dc9b2a42bf456d0521de6d89a8eeb44336771943c3f.exe
- Size
  
  995KB
- MD5
  
  cfe05392605f333a1ed9abc7fe992635
- SHA1
  
  60e56713191a5ff83cc905debd5a76c80fcd77de
- SHA256
  
  38ab1533c224b90043299dc9b2a42bf456d0521de6d89a8eeb44336771943c3f
- SHA512
  
  7b0e1ba85bbea3ed3e8dc46f265c8b517bec6639e1777e2ebde4e6b336cb547a45c3e01b093d73714df253f45aab7d1635ac213a2bd1f14f70f37fa94e1de96e
- SSDEEP
  
  12288:rmeFmKg5mPN3ohe4/35ww17fsur4o23ZY19Uc:uJhXyaUy4og4Kc
Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

behavioral2

lokibotspywarestealertrojan