lokibot | 6438095080694e51e7802ba419e9854234dccdd3cc818eee26cea88f6391177f | Triage

Sharing

General

Target

28b53af06040db7a67d790aa26cbf6c6_JaffaCakes118
Size

295KB
Sample

241009-b9n36a1arm
MD5

28b53af06040db7a67d790aa26cbf6c6
SHA1

c71dd623b41f15baa041ad4e4e5c8b77b6b65030
SHA256

6438095080694e51e7802ba419e9854234dccdd3cc818eee26cea88f6391177f
SHA512

25dfb6ded16ec1bbe1146c886ed1f3527b0c67e1baab8d58300a4f538567f9381b8a1c3a6d999aefc0956abd10c09746a8eac9ef5b0ecdc922ace95f356cf4d0
SSDEEP

6144:Q+l/lR8NG2JNUDwxTIxr36LOGZCCCdlEv1BX8NdJF92WvC61:Q+l/lmGUNUDwVIV5i8EvrX85zrvF1

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://everydaywegrind.cf/Office4/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  28b53af06040db7a67d790aa26cbf6c6_JaffaCakes118
- Size
  
  295KB
- MD5
  
  28b53af06040db7a67d790aa26cbf6c6
- SHA1
  
  c71dd623b41f15baa041ad4e4e5c8b77b6b65030
- SHA256
  
  6438095080694e51e7802ba419e9854234dccdd3cc818eee26cea88f6391177f
- SHA512
  
  25dfb6ded16ec1bbe1146c886ed1f3527b0c67e1baab8d58300a4f538567f9381b8a1c3a6d999aefc0956abd10c09746a8eac9ef5b0ecdc922ace95f356cf4d0
- SSDEEP
  
  6144:Q+l/lR8NG2JNUDwxTIxr36LOGZCCCdlEv1BX8NdJF92WvC61:Q+l/lmGUNUDwVIV5i8EvrX85zrvF1
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2