lokibot | 7adf14253f0d2006f39082138710a9335f3997d27992cfb2932fc08e6f04f9d0 | Triage

Sharing

General

Target

Comprobante.PDF_86756457586970877656543457689708832.r01
Size

470KB
Sample

240912-lb59ws1apl
MD5

a77a81f1c62cf80e2f4bdbfd1c4aced0
SHA1

afdbcdaf61d8d33b95363b69966a19dafc5dcd7e
SHA256

7adf14253f0d2006f39082138710a9335f3997d27992cfb2932fc08e6f04f9d0
SHA512

b8d41eb81377803fb7ca91aaab53ea082f796697ced8bf97dcea400d59bb369f88acd5d51c82a61bb7a8be10cfbf91a6d0acd78ba9a3c5f3e797c64d114472ce
SSDEEP

12288:PrzsLyQu4jsy3tYLaKd2rvipPP1GwiKb73:PvG9YaOjiK/3

Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://touxzw.ir/sweetwhore/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Comprobante.PDF_86756457586970877656543457689708832.exe
- Size
  
  965KB
- MD5
  
  ba1643a0a19e0bb74ec7a361cc52f282
- SHA1
  
  257361a48666003b8f42ad79d67e69ad61ea5a45
- SHA256
  
  418e0add4eb6fb3db62e0fdae4dfe7b738e8348babc29a09f5cf9a0cac0a29db
- SHA512
  
  461d7776aa79409c5cc6aabaadcdd014ad3435cce235363a20fe94f0c482a195fdc349f7fb1f36df2ad21c86fdd86e6b09f28cd71f84cfeaf118baf25d9cc11c
- SSDEEP
  
  12288:ktb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNuPPpHSgaZTAI5yEaRJItQ6A:ktb20pkaCqT5TBWgNQ7adAknIqtQ6A
Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

behavioral2

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan