lokibot

General

Target

afd5885712157bf7e51471f21b977788084aa78bf58d45287b4043edb2ee3495.exe
Size

508KB
Sample

241210-dw3qhaxkbl
MD5

05c620a669aa27d4df9e02b837204e09
SHA1

34edd56e841a1b873f75bd54009751988aef5bc5
SHA256

afd5885712157bf7e51471f21b977788084aa78bf58d45287b4043edb2ee3495
SHA512

5e59e030a4d97f10b8146bf17de649ae1a63eb1604d5cdf2ebd8530a597e2fb3b669d06412f21375e5754160dd3d30fda8aeaea1f835801944c64c2dd95e8f49
SSDEEP

12288:MOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiBhR9gJfyYTo65U:Mq5TfcdHj4fmbfJ6YTN5U

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://87.120.113.235/18/pin.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  afd5885712157bf7e51471f21b977788084aa78bf58d45287b4043edb2ee3495.exe
- Size
  
  508KB
- MD5
  
  05c620a669aa27d4df9e02b837204e09
- SHA1
  
  34edd56e841a1b873f75bd54009751988aef5bc5
- SHA256
  
  afd5885712157bf7e51471f21b977788084aa78bf58d45287b4043edb2ee3495
- SHA512
  
  5e59e030a4d97f10b8146bf17de649ae1a63eb1604d5cdf2ebd8530a597e2fb3b669d06412f21375e5754160dd3d30fda8aeaea1f835801944c64c2dd95e8f49
- SSDEEP
  
  12288:MOv5jKhsfoPA+yeVKUCUxP4C902bdRtJJPiBhR9gJfyYTo65U:Mq5TfcdHj4fmbfJ6YTN5U
Score

10^/10

lokibot collection discovery spyware stealer trojan upx
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lokibot family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2