lokibot | 0904ed2b6fcf10369f7f36a99656b4fe417215558e40af738cecc6903d808f7a | Triage

Sharing

General

Target

dfdef00d205d173250308e2454d3ce6d_JaffaCakes118
Size

449KB
Sample

240914-kzldyswcnp
MD5

dfdef00d205d173250308e2454d3ce6d
SHA1

5299fb8fe9782bedcdfec0a1f53ee712c49ebd9c
SHA256

0904ed2b6fcf10369f7f36a99656b4fe417215558e40af738cecc6903d808f7a
SHA512

c21f09bdfd79a5f114c6813011ea4a8a74f4714ccddd7b5c9011023c5005b65f9184ba2934a1c431462458b522d2bbeecd01d4eeb6cdef618f37a204c89789b9
SSDEEP

12288:L5PGktEbBCMjRjOtvrhXiukKwe9r0VD2uFZT:L5PMOt9XTp0VD2urT

Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://kasongogold.com/sertyou/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  dfdef00d205d173250308e2454d3ce6d_JaffaCakes118
- Size
  
  449KB
- MD5
  
  dfdef00d205d173250308e2454d3ce6d
- SHA1
  
  5299fb8fe9782bedcdfec0a1f53ee712c49ebd9c
- SHA256
  
  0904ed2b6fcf10369f7f36a99656b4fe417215558e40af738cecc6903d808f7a
- SHA512
  
  c21f09bdfd79a5f114c6813011ea4a8a74f4714ccddd7b5c9011023c5005b65f9184ba2934a1c431462458b522d2bbeecd01d4eeb6cdef618f37a204c89789b9
- SSDEEP
  
  12288:L5PGktEbBCMjRjOtvrhXiukKwe9r0VD2uFZT:L5PMOt9XTp0VD2urT
Score

10^/10

lokibot collection credential_access discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Credentials from Password Stores: Credentials from Web Browsers
  Malicious Access or copy of Web Browser Credential store.
  credential_access stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan

behavioral2

lokibotcollectioncredential_accessdiscoveryspywarestealertrojan