lokibot | 30209ce91bc619e558cbd7da4c5efe49cb4a7b7e16b9f635a7bff60be922ac53 | Triage

Sharing

General

Target

97892fa31690fc6659dc38b7f2b74152_JaffaCakes118
Size

287KB
Sample

240814-y5kaqssdqb
MD5

97892fa31690fc6659dc38b7f2b74152
SHA1

b2f33906a78042fe9c2600c9228eee7676f1729b
SHA256

30209ce91bc619e558cbd7da4c5efe49cb4a7b7e16b9f635a7bff60be922ac53
SHA512

022f804f504fe49afcb0c30e1b0ca5ed1a6fa3b39ccf08e437fd54c62dd67f1c11c88d4740ed2740ac1772f8639c19afbfb0aaf19713c0dfd100b877b0748347
SSDEEP

6144:IFfYIX96nq/g5Wo8QKVqotIkQcbZD+Ml0/j0ZeparK:IVVX96q/Po8JAoKkQcFD+Mluj0iOK

Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://195.69.140.147/.op/cr.php/d4oah6lhwRn2s

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  eInvoicing_pdf.exe
- Size
  
  671KB
- MD5
  
  1d694604e4d33b5ea0e6f4f07dc5e644
- SHA1
  
  a7355176bd14a67792c8094412c03cbca934859c
- SHA256
  
  0fc67a4fcc091935b3b1a44cbb808d5dc5a18e86bfebb07c3fbdf6f60824d830
- SHA512
  
  6272e4307caffd4218e209116f13532d009a21734a8c1105f638d033d72788ec03e96d49e361816f6a5c80a7e7f92cf0728abc277e8c47b46bd09da52e7498d8
- SSDEEP
  
  12288:BtDmxLfYVT96Y/Ju8x+04k+cDDbbwt9VjW:B0xjiT9d/88x7LDPE3VjW
Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

behavioral2

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan