lokibot | ae3ba262ffc14ea78944dee9331e9336f508b0b283481262ab2ee81b90023bd1 | Triage

Sharing

General

Target

d2c6db66473c76df5fc40af64eb4abdd_JaffaCakes118
Size

229KB
Sample

241207-q7ffkatqdy
MD5

d2c6db66473c76df5fc40af64eb4abdd
SHA1

915938e4d1d7e16f1cc92c9b4977ed1f0d5cf31a
SHA256

ae3ba262ffc14ea78944dee9331e9336f508b0b283481262ab2ee81b90023bd1
SHA512

f845402ecf3ce21c750855cd8cafc367c285dd89664965143215433c0c9e101d62be714a2f20a1ed43220a21c01268bdb86ceace9d86f3926b73e3161d89d31f
SSDEEP

6144:FiXB6Sxquc2iIxvAZgqOWzZBaivEup/t3Z9x6p3:FIfqUhsvuilRZ9xq3

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.5/sxisodifntose.php/BEF2P6YRqV1nZ

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  d2c6db66473c76df5fc40af64eb4abdd_JaffaCakes118
- Size
  
  229KB
- MD5
  
  d2c6db66473c76df5fc40af64eb4abdd
- SHA1
  
  915938e4d1d7e16f1cc92c9b4977ed1f0d5cf31a
- SHA256
  
  ae3ba262ffc14ea78944dee9331e9336f508b0b283481262ab2ee81b90023bd1
- SHA512
  
  f845402ecf3ce21c750855cd8cafc367c285dd89664965143215433c0c9e101d62be714a2f20a1ed43220a21c01268bdb86ceace9d86f3926b73e3161d89d31f
- SSDEEP
  
  6144:FiXB6Sxquc2iIxvAZgqOWzZBaivEup/t3Z9x6p3:FIfqUhsvuilRZ9xq3
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan