lokibot | 8bf8454a9b12f906299a087fcab18e684cffb1bace2aca65802ea622d853b88a | Triage

Sharing

General

Target

8bf8454a9b12f906299a087fcab18e684cffb1bace2aca65802ea622d853b88a.zip
Size

361KB
Sample

241003-b6dg9ayaml
MD5

e4642545e8067373a394cc144fc9c957
SHA1

4bf922369105fa909465f1912beb52bbad210c16
SHA256

8bf8454a9b12f906299a087fcab18e684cffb1bace2aca65802ea622d853b88a
SHA512

00094497397cfbcdbc0450040f7ac57f13ab0e7701ae8b17f84e845edd90cb12064c1b824d769a4aa82834b2b481d1f49ace98dc2761f6e056c3bc6fcb98ee74
SSDEEP

6144:cUpCqk2i7LH/j1V/HquoL4/nIN/NB+DYRkfSh4//+oPrKC584UG+LWEF7AfD:rCq5iH/RVPXPunXKim/+oPrv5T1ZEFo

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://solutviewmen.viewdns.net/bdifygidj/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Odeme_belgesi.exe
- Size
  
  540KB
- MD5
  
  90f4be8876c29b8a1003fad8cc920a82
- SHA1
  
  9954083d7206592481ad16804d2d230d052550f4
- SHA256
  
  0f1bde8e151531aed752a337fcd392ab70e2839a42c4d61570b825fa44d4d365
- SHA512
  
  8f8e29b2e4df6099a4fc2b03f562f6e6deb1071e45f54a300b331f994dfcf845bf2f2edae8217e6dcd728c8c23611387a3acbcef5aaeb4ff3a8d4955ada865c3
- SSDEEP
  
  12288:qxTUip/R3pX12nXGik/+oPrj5utJfS5bpZKh5tsd5Nrkkz:LWR3x1Wg9PNrkkz
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan