lokibot

General

Target

c66b6830604077846b281eb5041e0c2c_JaffaCakes118
Size

850KB
Sample

240828-h7tn7azamg
MD5

c66b6830604077846b281eb5041e0c2c
SHA1

33c7d91eb938fd0a1c49d14d7bbfd23629933db1
SHA256

12fe5d97c64c2da907b47eab6a73626482483ff2f7bea941b2e39fae8b64d9bb
SHA512

11fc5049235d1469135baadf8a9aab126b4edb2703e98f8d56be63b82cc463582ba32f56ab73b1e8715c67545bac183537c14d5be037e84e4558e4562666dd03
SSDEEP

24576:nEqgz9k0brtrOo2D3l3/7ZIPZbu3JSVOj52jztTe72:nEqgzZTy3d/6xK3UOj56RTe72

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://taolay12.ru/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  SALES#CONTRACT.exe
- Size
  
  1.4MB
- MD5
  
  b4c7866cb810efbed786bcd6bd01672c
- SHA1
  
  2558a403919282fa75eba2b23f00a500b3773eac
- SHA256
  
  102f650d8174505630c608b60dab7e0030561971c7e85721ee5e8f46407c5aae
- SHA512
  
  8e538ce94bb0b4ddbd441bbf5d3e2c8e2af897bd0e6a291678f32c6b2596c84a282a3857d7e572648a0ab52e511f5360329414125684c42fbde82994045e28fd
- SSDEEP
  
  24576:V/BDDDvZCLzAihg4DQ2AYIFLALwhO/9YmaDn6rr/qKoSs3zfrYM/UYusL+h5fnW4:9Bjv0vAiu4DnNINALRYmaDnoqKoSqTsb
Score

10^/10

lokibot discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2