lokibot | f028e0d3e43400870c714814ab38d60da657cb6929f88c28be00500cc3315b65 | Triage

Sharing

General

Target

Törölt fizetési megbízás.cmd
Size

569KB
Sample

240823-kq5fgaxcjr
MD5

6ca48a4a30a1537b228e1c797972734e
SHA1

dcc43dbd8a5cb5e79a9bea6b939861cd60b621c8
SHA256

f028e0d3e43400870c714814ab38d60da657cb6929f88c28be00500cc3315b65
SHA512

b2a558aa48f2f392deabf28ba1b2b7ea10311572c4918d458ad53c089a37f85e0986ed064b637bb708165c1233e6f50fbcf9dcda4b9caad60341218933f21819
SSDEEP

12288:roL3rlW4E0Gx/KskbB0NVGutQKeq53gOdoUkR:Mv4J/KXRutx95oT

Score

10^/10

lokibot collection credential_access discovery execution spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://104.248.205.66/index.php/modify.php?edit=1

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Törölt fizetési megbízás.cmd
- Size
  
  569KB
- MD5
  
  6ca48a4a30a1537b228e1c797972734e
- SHA1
  
  dcc43dbd8a5cb5e79a9bea6b939861cd60b621c8
- SHA256
  
  f028e0d3e43400870c714814ab38d60da657cb6929f88c28be00500cc3315b65
- SHA512
  
  b2a558aa48f2f392deabf28ba1b2b7ea10311572c4918d458ad53c089a37f85e0986ed064b637bb708165c1233e6f50fbcf9dcda4b9caad60341218933f21819
- SSDEEP
  
  12288:roL3rlW4E0Gx/KskbB0NVGutQKeq53gOdoUkR:Mv4J/KXRutx95oT
Score

10^/10

lokibot collection credential_access discovery execution spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Command and Scripting Interpreter: PowerShell
  Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.
  execution
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

PowerShell

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectioncredential_accessdiscoveryexecutionspywarestealertrojan

behavioral2

lokibotcollectioncredential_accessdiscoveryexecutionspywarestealertrojan