lokibot | 3a21143ed26feb405bc5eee9c81929b66d6ba41583b3b1d419a1d6f3edefed84 | Triage

Sharing

General

Target

40f1488d00e717a1d31f48477361ddee_JaffaCakes118
Size

611KB
Sample

241013-t6321swfqg
MD5

40f1488d00e717a1d31f48477361ddee
SHA1

63b3f7851830c85e2e23762e39010df6b5b2b39d
SHA256

3a21143ed26feb405bc5eee9c81929b66d6ba41583b3b1d419a1d6f3edefed84
SHA512

90ded1e602f154e04dc044c1c0d3e3941a2263a252f72acfce7add21c5afd9f9fd2a644f848fe6072999a64642a393f96a0a416d67b2249e9f97eced290b86fb
SSDEEP

12288:QLB/HK7zIOiRb+J6s4QSuwo7wXXFq4zyhVr3Obcvt2p:x81Rhs4QSBXY4zyhIAtM

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd14/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  40f1488d00e717a1d31f48477361ddee_JaffaCakes118
- Size
  
  611KB
- MD5
  
  40f1488d00e717a1d31f48477361ddee
- SHA1
  
  63b3f7851830c85e2e23762e39010df6b5b2b39d
- SHA256
  
  3a21143ed26feb405bc5eee9c81929b66d6ba41583b3b1d419a1d6f3edefed84
- SHA512
  
  90ded1e602f154e04dc044c1c0d3e3941a2263a252f72acfce7add21c5afd9f9fd2a644f848fe6072999a64642a393f96a0a416d67b2249e9f97eced290b86fb
- SSDEEP
  
  12288:QLB/HK7zIOiRb+J6s4QSuwo7wXXFq4zyhVr3Obcvt2p:x81Rhs4QSBXY4zyhIAtM
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan