lokibot | 955d472c00f8c3366e8301d35dba29622ee8de670fd29320cea50853b8c7a60e | Triage

Sharing

General

Target

523f34d0857746c5fd3bd5de613c6f3b_JaffaCakes118
Size

1.3MB
Sample

241017-qyxcqazbrg
MD5

523f34d0857746c5fd3bd5de613c6f3b
SHA1

e6165ca2d2faf4a8ab66af56af2dc4594da7ebd3
SHA256

955d472c00f8c3366e8301d35dba29622ee8de670fd29320cea50853b8c7a60e
SHA512

1130f20745ddbed057ee4597a13e4f4b1bb5ea39c22f3222fc43b59f98cd84c05f3d151161d911995b2e96b3e938951f0055d81b2ae2d10417f260c52d3ad763
SSDEEP

24576:QfQB17OOXg3ji58haakJZuJYkCLT2fXKvOF:gQBROOXgW5IdkJueLT2/

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fd3/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  523f34d0857746c5fd3bd5de613c6f3b_JaffaCakes118
- Size
  
  1.3MB
- MD5
  
  523f34d0857746c5fd3bd5de613c6f3b
- SHA1
  
  e6165ca2d2faf4a8ab66af56af2dc4594da7ebd3
- SHA256
  
  955d472c00f8c3366e8301d35dba29622ee8de670fd29320cea50853b8c7a60e
- SHA512
  
  1130f20745ddbed057ee4597a13e4f4b1bb5ea39c22f3222fc43b59f98cd84c05f3d151161d911995b2e96b3e938951f0055d81b2ae2d10417f260c52d3ad763
- SSDEEP
  
  24576:QfQB17OOXg3ji58haakJZuJYkCLT2fXKvOF:gQBROOXgW5IdkJueLT2/
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan