lokibot | 576c7a88fa73ff6038bc2f5cfe7a1f2d28974f02e5def345209a84fbd60cf3dd | Triage

Sharing

General

Target

a6be5e586178b2df0efd100c7ba453b1_JaffaCakes118
Size

227KB
Sample

241127-jqg5ha1naq
MD5

a6be5e586178b2df0efd100c7ba453b1
SHA1

18ac13933dfdb124dbcf45ea103608277280e80d
SHA256

576c7a88fa73ff6038bc2f5cfe7a1f2d28974f02e5def345209a84fbd60cf3dd
SHA512

55711f2d8b8fd4fe7bcebd8d8027472de309d50f8a4b0a4c4121940448057c913da567ae8dba862b28bf1ba49adcf17103c3bc08753197b0fde2bad911f91e64
SSDEEP

6144:8w+fRm+8TsKZKXUEkjyDH9kIClCTzUfqiMzucer4:B+U+8sKCCPCTNCrr4

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://brokenethicalgod.tk/BN22/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  a6be5e586178b2df0efd100c7ba453b1_JaffaCakes118
- Size
  
  227KB
- MD5
  
  a6be5e586178b2df0efd100c7ba453b1
- SHA1
  
  18ac13933dfdb124dbcf45ea103608277280e80d
- SHA256
  
  576c7a88fa73ff6038bc2f5cfe7a1f2d28974f02e5def345209a84fbd60cf3dd
- SHA512
  
  55711f2d8b8fd4fe7bcebd8d8027472de309d50f8a4b0a4c4121940448057c913da567ae8dba862b28bf1ba49adcf17103c3bc08753197b0fde2bad911f91e64
- SSDEEP
  
  6144:8w+fRm+8TsKZKXUEkjyDH9kIClCTzUfqiMzucer4:B+U+8sKCCPCTNCrr4
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2