lokibot

General

Target

984eb400ffd002e0732f3d7159e6fb341e7fed5e570de0dc0289592544f41a14
Size

501KB
Sample

241126-k2pt6a1kbk
MD5

6d82b6638af284da8a1303b0267cb661
SHA1

a8abb363554a5f09a19e136c3a3e9d90d6219119
SHA256

984eb400ffd002e0732f3d7159e6fb341e7fed5e570de0dc0289592544f41a14
SHA512

a3ae564b09fb6f5637d123ee54597c17c98b86ed6abb2a466d5482a6b699f44da8ce182d422ccabe9cd85675a160d9ab8010cf82984b12de682b5dcf1f3147a6
SSDEEP

12288:Rk2EiFnx2PynUCJXU9EGMuRCCYMmfgknmkWirVox2brqR8g9XghdHeEF:Rk2EiFilCS9T5KJmjiax2iqlvF

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://94.156.177.41/alpha/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Swift Copy.exe
- Size
  
  525KB
- MD5
  
  3102ded8150ab50942806fece47877d9
- SHA1
  
  0ea08a674c07a4f354ed7501788db4e3e17298c0
- SHA256
  
  c14f938d6e95748fc2a3102fad37c48cc3d720cbe43420822c1b6da13ed800f5
- SHA512
  
  4d18f8076876afe0a455350cf057e507324840235929557d6199d40d601df18dfe00ca96835a13cafddf429cbe9536f8db476e7f658ddaf764e8e906ec56a7de
- SSDEEP
  
  12288:DOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiUVrRGghXgLxH4oJ:Dq5TfcdHj4fmbVQN/J
Score

10^/10

lokibot collection discovery spyware stealer trojan upx
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lokibot family

Accesses Microsoft Outlook profiles

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2