lokibot | 1b729638fb6cebf16ff6dc59c6144123367649b1ae68b50404a20678d6344287 | Triage

Sharing

General

Target

87f2e974ce1409d31ff4357ca83cdc51_JaffaCakes118
Size

506KB
Sample

240810-2jb9sa1gqn
MD5

87f2e974ce1409d31ff4357ca83cdc51
SHA1

896d62c4d3c728d11c2122ede992a3359840b85e
SHA256

1b729638fb6cebf16ff6dc59c6144123367649b1ae68b50404a20678d6344287
SHA512

7a91f4f38bac4ebe588d90d365d8afc6f295c1871e27d47f2cf1525871e5cc57fc186b397212cce59044597b8d44a5ab4b643c07bc281e5597f03063e6a09196
SSDEEP

12288:9pssEBBt2kF+ABZ2EQcFi4Ts7pbFy9mGU2kwD:sHS2ZvFHsfmmXwD

Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/7gEWZ4upg1lkl

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  87f2e974ce1409d31ff4357ca83cdc51_JaffaCakes118
- Size
  
  506KB
- MD5
  
  87f2e974ce1409d31ff4357ca83cdc51
- SHA1
  
  896d62c4d3c728d11c2122ede992a3359840b85e
- SHA256
  
  1b729638fb6cebf16ff6dc59c6144123367649b1ae68b50404a20678d6344287
- SHA512
  
  7a91f4f38bac4ebe588d90d365d8afc6f295c1871e27d47f2cf1525871e5cc57fc186b397212cce59044597b8d44a5ab4b643c07bc281e5597f03063e6a09196
- SSDEEP
  
  12288:9pssEBBt2kF+ABZ2EQcFi4Ts7pbFy9mGU2kwD:sHS2ZvFHsfmmXwD
Score

10^/10

discovery lokibot collection credential_access spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan