lokibot

General

Target

26092024_0010_25092024_Поръчка за покупка_(PO_46338032)_Метал-М-София ООД.zip
Size

131KB
Sample

240926-af3tsavhrq
MD5

d18534cdd084247679ffdeae98dbc3b7
SHA1

488981ca31b15f0cdc53b57efec4636acd9fd8b5
SHA256

50b6a1d57ca4fdb2e27f597cccfbabd3af76160314d8e6176c7675c3602a9b0d
SHA512

32957eb422c5cdc452754e1ca23839862400ee381cb2dedd75250ba1ccbd1e0f82605b0ca277ce271fb5d28ec4dd2e39df3c55a211bb80bff6522cfc05031ba2
SSDEEP

3072:8wl0Awyu0euEhMvEuV555vyWd69MtGGEMvsUNF7ojUTgF7/Eld:Jib0shLuzvyi+Gjb8oT7H

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

https://dddotx.shop/Mine/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Поръчка за покупка_(PO_46338032)_Метал-М-София ООД.exe
- Size
  
  164KB
- MD5
  
  ed9fe2c20a68172921c064d0d9886b7b
- SHA1
  
  d892be8018cbc88b8cdd0db2338f643448630757
- SHA256
  
  bfcc16e302514e80fdc77675291f1bdb32796e7b77274f7596049938d0652347
- SHA512
  
  8fdaaedc9585e72ebfdb8ba85e79f52614d9b3626327ac882cc4a2f108ed71335e013b173a628cd83135f8806644f9af4ac1f7026a4a0ae71f12057534269160
- SSDEEP
  
  3072:OgX3OY/NPH8Aq+XdOeuohMvEuf555vyWd+9MtGGE0vWGNF7owCCx7/WgafCzg:WOLOAhLuhvyi6GTb8wCC5/Wgb
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2