lokibot

General

Target

557c3767b10f0c9034e14c45985eff59b965a5b303e6c15cf93093d897217c39.exe
Size

992KB
Sample

241204-gxk4mavpcy
MD5

20b79ce76ed132a4cac98ffdccc894de
SHA1

815003c494dd21f17bda60733ad435b420766491
SHA256

557c3767b10f0c9034e14c45985eff59b965a5b303e6c15cf93093d897217c39
SHA512

c8eeb3b77d836ace5bb31150d1a619dd0bfef5cff1e3e57a37063bfe4a3174c395cb8484361ca72028615a3bcfbc6f13d3ecb71af13d7d744269c98d36f774a0
SSDEEP

12288:+tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNDPPpHrYDTTAGXBvFwkmCK:+tb20pkaCqT5TBWgNjVYXc09ekJK

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://87.120.113.235/18/pin.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  557c3767b10f0c9034e14c45985eff59b965a5b303e6c15cf93093d897217c39.exe
- Size
  
  992KB
- MD5
  
  20b79ce76ed132a4cac98ffdccc894de
- SHA1
  
  815003c494dd21f17bda60733ad435b420766491
- SHA256
  
  557c3767b10f0c9034e14c45985eff59b965a5b303e6c15cf93093d897217c39
- SHA512
  
  c8eeb3b77d836ace5bb31150d1a619dd0bfef5cff1e3e57a37063bfe4a3174c395cb8484361ca72028615a3bcfbc6f13d3ecb71af13d7d744269c98d36f774a0
- SSDEEP
  
  12288:+tb20Qc3lT7af41ePBRYuQLKpqeUhbTv5OFgNDPPpHrYDTTAGXBvFwkmCK:+tb20pkaCqT5TBWgNjVYXc09ekJK
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lokibot family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

AutoIT Executable

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2