lokibot | 0f6b2f0c1ec5760b5fbbe56a2c59d0426526f5ba81b392ff7b1221edbbc8027d | Triage

Sharing

General

Target

0f6b2f0c1ec5760b5fbbe56a2c59d0426526f5ba81b392ff7b1221edbbc8027d
Size

547KB
Sample

241121-yc3llsvrgv
MD5

97c628c4295dbd8e71cdf7eb64da3863
SHA1

649992b1ef93e80f4d4fdcbe14b73011b106b105
SHA256

0f6b2f0c1ec5760b5fbbe56a2c59d0426526f5ba81b392ff7b1221edbbc8027d
SHA512

23e607a6b00a07f5a73f7e1950a83f7ddfc4219c969e1baf30c6e1744082ecd0da15c5e183e319b92cc256e3d797043f1c1ae6bd3d5fdf15675f653b83e8525e
SSDEEP

12288:n72iNZEn27lG1ZaXc3yJzmAAuf+o00OobuNLKQvxCQkH3/TRUmDlt:71vjQb3y5mxo8CuNLKgxnkrR

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://sempersim.su/gi9/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  0f6b2f0c1ec5760b5fbbe56a2c59d0426526f5ba81b392ff7b1221edbbc8027d
- Size
  
  547KB
- MD5
  
  97c628c4295dbd8e71cdf7eb64da3863
- SHA1
  
  649992b1ef93e80f4d4fdcbe14b73011b106b105
- SHA256
  
  0f6b2f0c1ec5760b5fbbe56a2c59d0426526f5ba81b392ff7b1221edbbc8027d
- SHA512
  
  23e607a6b00a07f5a73f7e1950a83f7ddfc4219c969e1baf30c6e1744082ecd0da15c5e183e319b92cc256e3d797043f1c1ae6bd3d5fdf15675f653b83e8525e
- SSDEEP
  
  12288:n72iNZEn27lG1ZaXc3yJzmAAuf+o00OobuNLKQvxCQkH3/TRUmDlt:71vjQb3y5mxo8CuNLKgxnkrR
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan