lokibot | db9bf417aaad1442694ac2057761c8c9ada4626f41dc969dc21268f4e82664dd | Triage

Sharing

General

Target

fb281939af3b2e1948f15015a8d797dc_JaffaCakes118
Size

334KB
Sample

240928-akg3wazake
MD5

fb281939af3b2e1948f15015a8d797dc
SHA1

f3b2ef76164669d616f6028706c8a0c996968aee
SHA256

db9bf417aaad1442694ac2057761c8c9ada4626f41dc969dc21268f4e82664dd
SHA512

46fa4521a9718ffe17e697040ad840554390c8d59f5539274eff8fe8fe7e91bdc4971c5e6d377b7746441f2e7a8218b19748a985978f767d0cf4845a140e7dd5
SSDEEP

6144:hJixtAiIYeUH03emCOv8XmTjkLm8nfsxF7wjimTEY2:h03gYeUUt82vkLnfOOim4

Score

10^/10

lokibot agilenet collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://blackdiamondsco.ae/test/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  fb281939af3b2e1948f15015a8d797dc_JaffaCakes118
- Size
  
  334KB
- MD5
  
  fb281939af3b2e1948f15015a8d797dc
- SHA1
  
  f3b2ef76164669d616f6028706c8a0c996968aee
- SHA256
  
  db9bf417aaad1442694ac2057761c8c9ada4626f41dc969dc21268f4e82664dd
- SHA512
  
  46fa4521a9718ffe17e697040ad840554390c8d59f5539274eff8fe8fe7e91bdc4971c5e6d377b7746441f2e7a8218b19748a985978f767d0cf4845a140e7dd5
- SSDEEP
  
  6144:hJixtAiIYeUH03emCOv8XmTjkLm8nfsxF7wjimTEY2:h03gYeUUt82vkLnfOOim4
Score

10^/10

lokibot agilenet collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Obfuscated with Agile.Net obfuscator
  Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.
  agilenet
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotagilenetcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotagilenetcollectiondiscoveryspywarestealertrojan