lokibot | 5566a76125fce1432e3f835c1d2e0acf189354e3ffb454fbab7466d0ab124d5c | Triage

Sharing

General

Target

90f2e81cf7d0e8adfceb3bf4d61ee6c3_JaffaCakes118
Size

726KB
Sample

241123-14rdrsyrbz
MD5

90f2e81cf7d0e8adfceb3bf4d61ee6c3
SHA1

18afd0b4dbfdedfe8261a4bd81c221229b19b981
SHA256

5566a76125fce1432e3f835c1d2e0acf189354e3ffb454fbab7466d0ab124d5c
SHA512

2547c3257678221b1208a01073c8d8c7916968c5230e6dc7587aece0e24ef7e3a212cee77a312943cbcafcd6d2aae3c7603c4e2291b727ab123d31226af676ff
SSDEEP

12288:BEHPqFx7n+it2jZiucomUpsBNSzIcBZzVU3O2PJkbvuIvNroNIdHzVsg9zP1KzyB:Bt7n/Up4ozdxHhSKoNIdHzVsg9ziO

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.5/sxisodifntose.php/ADdkqqfZahlYB

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  90f2e81cf7d0e8adfceb3bf4d61ee6c3_JaffaCakes118
- Size
  
  726KB
- MD5
  
  90f2e81cf7d0e8adfceb3bf4d61ee6c3
- SHA1
  
  18afd0b4dbfdedfe8261a4bd81c221229b19b981
- SHA256
  
  5566a76125fce1432e3f835c1d2e0acf189354e3ffb454fbab7466d0ab124d5c
- SHA512
  
  2547c3257678221b1208a01073c8d8c7916968c5230e6dc7587aece0e24ef7e3a212cee77a312943cbcafcd6d2aae3c7603c4e2291b727ab123d31226af676ff
- SSDEEP
  
  12288:BEHPqFx7n+it2jZiucomUpsBNSzIcBZzVU3O2PJkbvuIvNroNIdHzVsg9zP1KzyB:Bt7n/Up4ozdxHhSKoNIdHzVsg9ziO
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan