lokibot | 503cd6dfb25591a5a8a9ae418d96a55e3492cd4592df5fdc04750faaa7ff5ba6 | Triage

Sharing

General

Target

8d8dbe55e225b7fb7b0521d7770f199f_JaffaCakes118
Size

918KB
Sample

240812-ghz91asdjb
MD5

8d8dbe55e225b7fb7b0521d7770f199f
SHA1

643b7d8fa4dba55761539fd088b6098ab9e20ac9
SHA256

503cd6dfb25591a5a8a9ae418d96a55e3492cd4592df5fdc04750faaa7ff5ba6
SHA512

127c05cbfb57b3da233215fea287059dd5757773c21a7b66f8caf2026df87e6ca2bae49488e9172993198b7e6639ffa97dd498d4fd10b4a5a384c41bf0ab7016
SSDEEP

12288:KZmYpmMj6jRPLjRPqjBjjyjBjBjBjBjLjOqimpK3bS63q/ynYMAL5C:Ti64G/ynkL5

Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://transcorpoil.com/dumbo/dumbo4/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  8d8dbe55e225b7fb7b0521d7770f199f_JaffaCakes118
- Size
  
  918KB
- MD5
  
  8d8dbe55e225b7fb7b0521d7770f199f
- SHA1
  
  643b7d8fa4dba55761539fd088b6098ab9e20ac9
- SHA256
  
  503cd6dfb25591a5a8a9ae418d96a55e3492cd4592df5fdc04750faaa7ff5ba6
- SHA512
  
  127c05cbfb57b3da233215fea287059dd5757773c21a7b66f8caf2026df87e6ca2bae49488e9172993198b7e6639ffa97dd498d4fd10b4a5a384c41bf0ab7016
- SSDEEP
  
  12288:KZmYpmMj6jRPLjRPqjBjjyjBjBjBjBjLjOqimpK3bS63q/ynYMAL5C:Ti64G/ynkL5
Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

behavioral2

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan