lokibot | cd603ffd95611efa5ebb800affa4c8444d85862b666719df5e7b162ef61b64c7 | Triage

Sharing

General

Target

c82a50cc52792fa29f745f1067347608_JaffaCakes118
Size

116KB
Sample

240829-d6gwsatejp
MD5

c82a50cc52792fa29f745f1067347608
SHA1

4ace965a0cb1403f8cff31e74289a91c50843b6e
SHA256

cd603ffd95611efa5ebb800affa4c8444d85862b666719df5e7b162ef61b64c7
SHA512

378303927f163d923a3c12a0cac52026b5f18de034e4389f442ee8e8dd9174199836a601d78d1c42e22db36140f0df1dc7972ab642302f1045a2f42a7064cee1
SSDEEP

3072:hbXwqlw5PIvucCSKo1vGJdGxTQOJuzcM:hb3+5PEDCG1e0qOYzc

Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://172.245.190.20/medix/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  c82a50cc52792fa29f745f1067347608_JaffaCakes118
- Size
  
  116KB
- MD5
  
  c82a50cc52792fa29f745f1067347608
- SHA1
  
  4ace965a0cb1403f8cff31e74289a91c50843b6e
- SHA256
  
  cd603ffd95611efa5ebb800affa4c8444d85862b666719df5e7b162ef61b64c7
- SHA512
  
  378303927f163d923a3c12a0cac52026b5f18de034e4389f442ee8e8dd9174199836a601d78d1c42e22db36140f0df1dc7972ab642302f1045a2f42a7064cee1
- SSDEEP
  
  3072:hbXwqlw5PIvucCSKo1vGJdGxTQOJuzcM:hb3+5PEDCG1e0qOYzc
Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

behavioral2

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan