lokibot | 0ac1851f68b0511365ecef5685690dfa6d34bfd6b93e290b602d7cff0e9e2254 | Triage

Sharing

General

Target

90ef0714bbc96ec60d61ee9807e43b04_JaffaCakes118
Size

246KB
Sample

240813-a1wwzazelj
MD5

90ef0714bbc96ec60d61ee9807e43b04
SHA1

c56ff5f248d20de32f5a20e0d3a4c0b90b716a46
SHA256

0ac1851f68b0511365ecef5685690dfa6d34bfd6b93e290b602d7cff0e9e2254
SHA512

f50331f539b4d7c653db19075736745ef382580165c7d12c5ebf73fe3ebdc49bc06558e083cc33b256e9415b5815c5f2523b87c06ed9469c988b86a7a056ecbf
SSDEEP

6144:odUdjqYmQf6i287RT+KoGjOKiX302yXxsasRxH0ez5HooAI:/MQf6Pwd4Vn02UXs3UA5H4I

Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://drsmarinegroup.com/lok/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  knRWhbakTycqG0L.exe
- Size
  
  314KB
- MD5
  
  c52d92fadb274e3b90d79145a38315d8
- SHA1
  
  5d90c8e69cc7f42bac6795c7fb6d218aa016b142
- SHA256
  
  0da0e7ed05790977b34ede6cd1b441e56be702b14c7705a3e72a22d12b479a32
- SHA512
  
  3b4b4c071ca7ed9c8c751ce778036076fa905a849a24b3630e49a7c0063a4d640c499a4d6f125525be99d16bcc5c9985f79a6819acad2304df05ae744d5a66bf
- SSDEEP
  
  6144:60clODFj6i2s7RR+KoGjSKiX304yXxN2Sn4EcmZHyXFaxmVmie9bngPbW69v:XlDl6PAD4Vn04UOSn4EcmZHAFaxmVmiH
Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

behavioral2

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan