lokibot | f4d19c780fa6d3d312749604901711ed1af9b5cd55eb95561c3f0c6ff6a9ba2d | Triage

Sharing

General

Target

f978bf7fdde37f0a05eb51afdc199e59_JaffaCakes118
Size

388KB
Sample

240927-bx4cba1dke
MD5

f978bf7fdde37f0a05eb51afdc199e59
SHA1

46bb042b8fe1289f6f7be05de5b7d384b1f61a82
SHA256

f4d19c780fa6d3d312749604901711ed1af9b5cd55eb95561c3f0c6ff6a9ba2d
SHA512

954c4655791c37204e6bf897180fb150826afc74ab66572b7d5b8e0acc20a688d7d35b52847694fa79a0eb46469b3d79656e859b1793979001dd6d0ee2b8161b
SSDEEP

6144:U+6KV/meQrJ9SFfL6JnzATE7FmhQzHAKZZIK/yp4SrQpvh1yyQCcB79SuEArX/:U7PP9SFfL6dzATEWQzHAoZzXzmF9STK

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://vsp.com.mx/site/temp/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  f978bf7fdde37f0a05eb51afdc199e59_JaffaCakes118
- Size
  
  388KB
- MD5
  
  f978bf7fdde37f0a05eb51afdc199e59
- SHA1
  
  46bb042b8fe1289f6f7be05de5b7d384b1f61a82
- SHA256
  
  f4d19c780fa6d3d312749604901711ed1af9b5cd55eb95561c3f0c6ff6a9ba2d
- SHA512
  
  954c4655791c37204e6bf897180fb150826afc74ab66572b7d5b8e0acc20a688d7d35b52847694fa79a0eb46469b3d79656e859b1793979001dd6d0ee2b8161b
- SSDEEP
  
  6144:U+6KV/meQrJ9SFfL6JnzATE7FmhQzHAKZZIK/yp4SrQpvh1yyQCcB79SuEArX/:U7PP9SFfL6dzATEWQzHAoZzXzmF9STK
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan