lokibot

General

Target

44G2L_file.exe
Size

506KB
Sample

241209-tzt6jatmht
MD5

1b69820e325f4f2218e96b7e3febe38e
SHA1

e48ba0cd72da1802f2c01f24839f2df2f83b4a57
SHA256

be789d9c5185f7f04ddb78f2b39f9dd7415080c4d975139fc612158b0b3a5bad
SHA512

7308e6bd9fb0499c0caac66339bdccb058750048efdc6b6263216739ca31f5c01d3277e4b1a4c51d17a429ad1a96543189f22df458d9c9bb9d35a2c6109e128b
SSDEEP

12288:FOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiuHR1ABUMl1W8:Fq5TfcdHj4fmbiBUGs8

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://87.120.113.235/18/pin.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  44G2L_file.exe
- Size
  
  506KB
- MD5
  
  1b69820e325f4f2218e96b7e3febe38e
- SHA1
  
  e48ba0cd72da1802f2c01f24839f2df2f83b4a57
- SHA256
  
  be789d9c5185f7f04ddb78f2b39f9dd7415080c4d975139fc612158b0b3a5bad
- SHA512
  
  7308e6bd9fb0499c0caac66339bdccb058750048efdc6b6263216739ca31f5c01d3277e4b1a4c51d17a429ad1a96543189f22df458d9c9bb9d35a2c6109e128b
- SSDEEP
  
  12288:FOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiuHR1ABUMl1W8:Fq5TfcdHj4fmbiBUGs8
Score

10^/10

lokibot collection discovery spyware stealer trojan upx
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lokibot family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2