lokibot | 0c8f22a730756f249c687c7ed45d658725d3a598d1e8dac4eedd964e459e7a9b | Triage

Sharing

General

Target

0c8f22a730756f249c687c7ed45d658725d3a598d1e8dac4eedd964e459e7a9b.exe
Size

489KB
Sample

240822-k6w42aydnh
MD5

1f5a17804b499495993e4c80c84802c3
SHA1

8d24280172cb92974c6129a8079a70eba1523908
SHA256

0c8f22a730756f249c687c7ed45d658725d3a598d1e8dac4eedd964e459e7a9b
SHA512

51a09b58c9a6012ac14a75de8f8eecadec446f195ffce0b4194397fced33ac1b3ca465308cfa67a0fd01c55a32efdecb0a311b15231f152e42760926ffc8f7aa
SSDEEP

6144:6bm6KiOatP8nAneHuKm5Sc3cqQ7yWOjhWOkaIWmPJHzFh6qllyXZCEFfa4UfnRWR:6IiCvuxTqmW8hT2lzaAl4rOfn9m

Score

10^/10

lokibot aspackv2 collection credential_access discovery persistence spyware stealer trojan

Malware Config

Targets

- Target
  
  0c8f22a730756f249c687c7ed45d658725d3a598d1e8dac4eedd964e459e7a9b.exe
- Size
  
  489KB
- MD5
  
  1f5a17804b499495993e4c80c84802c3
- SHA1
  
  8d24280172cb92974c6129a8079a70eba1523908
- SHA256
  
  0c8f22a730756f249c687c7ed45d658725d3a598d1e8dac4eedd964e459e7a9b
- SHA512
  
  51a09b58c9a6012ac14a75de8f8eecadec446f195ffce0b4194397fced33ac1b3ca465308cfa67a0fd01c55a32efdecb0a311b15231f152e42760926ffc8f7aa
- SSDEEP
  
  6144:6bm6KiOatP8nAneHuKm5Sc3cqQ7yWOjhWOkaIWmPJHzFh6qllyXZCEFfa4UfnRWR:6IiCvuxTqmW8hT2lzaAl4rOfn9m
Score

10^/10

lokibot collection credential_access discovery persistence spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectioncredential_accessdiscoverypersistencespywarestealertrojan

behavioral2

lokibotcollectioncredential_accessdiscoverypersistencespywarestealertrojan