lokibot

General

Target

f4c0448c427e926b0d3c0d1fbc1a866e.bin
Size

174KB
Sample

241224-cc56vaylbz
MD5

5a412d6e4a8d2505c6794312c3160865
SHA1

60ff0de3962245ec28db420587f2533b24b0a5c9
SHA256

442536376e12b3cdcbae19cb9af21968717e337faaf0ac55d16910b0a7121cdb
SHA512

3f1a2bc8b1ee87e61d6bd5727ebee27bfe47480286f108fb274d31494146fbefccca0a119c69c42248b4d8af6189e2e56d2efd7f530cb21ac7dfae1016f6ddbb
SSDEEP

3072:dyleU98TLe6VluAhLvX1fxk0IiYHq8qakyk49F7ihyqtaEW20/R5y0bMaE:dyleU98hV9/1DX/fyki7oyqtW20bNbM5

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

https://publicspeaking.co.id/okoye/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  cee3904c1eb0245328cbbe8770f69417d56218ba9ed6ded95d60183264557fef.exe
- Size
  
  564KB
- MD5
  
  f4c0448c427e926b0d3c0d1fbc1a866e
- SHA1
  
  273aa64fd2523237acde7d342a09a259a3c5499a
- SHA256
  
  cee3904c1eb0245328cbbe8770f69417d56218ba9ed6ded95d60183264557fef
- SHA512
  
  605665259a268ccf31d01c6332693d259f37efa72e517dc6bc09c5fc66b53b274bfd9f111607499f9aad64c87aa70b8c9c21fe69a6c532b193e2704f1ce9fd1c
- SSDEEP
  
  12288:qVAsGfYtKR7zmF4WdwGexfoAu9kcNuuh5:qVAsGfYtKR7yFjdwGexf5u9kcNuuh5
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1

T1059

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lokibot family

Uses the VBS compiler for execution

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2