lokibot | 93f4ad4c63b3a95977db19f6130c4f02c0968b3e272e15b050e8782a4fa5b9f4 | Triage

Sharing

General

Target

93f4ad4c63b3a95977db19f6130c4f02c0968b3e272e15b050e8782a4fa5b9f4.exe
Size

284KB
Sample

241124-d6f99aykcm
MD5

4e5eaedd88f3546685f4cc55e36ea0fa
SHA1

0cc3a3aed941c22b0d5f430096b0feccb83a4b18
SHA256

93f4ad4c63b3a95977db19f6130c4f02c0968b3e272e15b050e8782a4fa5b9f4
SHA512

b42e39951c78bb8620247ac26b8eab7f19a2bdc09baf7ef59f42efa3dd8797cd8e600a190d25860dce644260d877ae7216883ccdf6ae2b92d6e8663d696b0591
SSDEEP

6144:wnfl1dIBXiMWXZT24SGTAYlDvC2zivJDg060759lrtEum:QfqApGuRhvfMgbg59lr0

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/ga13/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  93f4ad4c63b3a95977db19f6130c4f02c0968b3e272e15b050e8782a4fa5b9f4.exe
- Size
  
  284KB
- MD5
  
  4e5eaedd88f3546685f4cc55e36ea0fa
- SHA1
  
  0cc3a3aed941c22b0d5f430096b0feccb83a4b18
- SHA256
  
  93f4ad4c63b3a95977db19f6130c4f02c0968b3e272e15b050e8782a4fa5b9f4
- SHA512
  
  b42e39951c78bb8620247ac26b8eab7f19a2bdc09baf7ef59f42efa3dd8797cd8e600a190d25860dce644260d877ae7216883ccdf6ae2b92d6e8663d696b0591
- SSDEEP
  
  6144:wnfl1dIBXiMWXZT24SGTAYlDvC2zivJDg060759lrtEum:QfqApGuRhvfMgbg59lr0
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan