lokibot

General

Target

b4fb8fd4871a488cfb2368ce7612741f93af9cb56a217f98474c475824176ea2N.exe
Size

992KB
Sample

241203-zh3n8stjfs
MD5

01c3d0beefd79050fe3135f9739a1760
SHA1

ad204c19a483a84b3d5bb833d6d91bcc2a0a99d2
SHA256

b4fb8fd4871a488cfb2368ce7612741f93af9cb56a217f98474c475824176ea2
SHA512

b4c9dd8f32c0a530d6a96ad23d503c29ddd7196e9ba5392b3a24e031507412a32c57e6b3f31040f51c29f981fbd8a73e21d6612a13076c07668c0509c45bc982
SSDEEP

12288:+tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNDPPpHrYDTTAGXBvFwkmC:+tb20pkaCqT5TBWgNjVYXc09ekJ

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://87.120.113.235/18/pin.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  b4fb8fd4871a488cfb2368ce7612741f93af9cb56a217f98474c475824176ea2N.exe
- Size
  
  992KB
- MD5
  
  01c3d0beefd79050fe3135f9739a1760
- SHA1
  
  ad204c19a483a84b3d5bb833d6d91bcc2a0a99d2
- SHA256
  
  b4fb8fd4871a488cfb2368ce7612741f93af9cb56a217f98474c475824176ea2
- SHA512
  
  b4c9dd8f32c0a530d6a96ad23d503c29ddd7196e9ba5392b3a24e031507412a32c57e6b3f31040f51c29f981fbd8a73e21d6612a13076c07668c0509c45bc982
- SSDEEP
  
  12288:+tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNDPPpHrYDTTAGXBvFwkmC:+tb20pkaCqT5TBWgNjVYXc09ekJ
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lokibot family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2