lokibot | ed84a6cb70969bc490e4b72bd028652cde787dcda41b5cfa7ed18ed7f592b9eb | Triage

Sharing

General

Target

JaffaCakes118_65c84a143ebe579a56d16b9628e042ea
Size

395KB
Sample

250107-qtlqestjat
MD5

65c84a143ebe579a56d16b9628e042ea
SHA1

ce988611870cdabd04fba38176555ca4815ffd4e
SHA256

ed84a6cb70969bc490e4b72bd028652cde787dcda41b5cfa7ed18ed7f592b9eb
SHA512

62c16119c5aceac7859fd9d9fadd19535319f73b1dd1f0169b715471a51d2b65238fe161f438241e00f63e9540610596937d06dd057460751b7e61cc4af4f18d
SSDEEP

6144:hsonJH5wognja6Uqd2GhNBSgDh0kBE7woo3eDYCFwdjLvgSHKAm9:PHgjUi2iNtDuk67ZPDfFwdLvhM

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://63.250.40.204/~wpdemo/file.php?search=835338

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  JaffaCakes118_65c84a143ebe579a56d16b9628e042ea
- Size
  
  395KB
- MD5
  
  65c84a143ebe579a56d16b9628e042ea
- SHA1
  
  ce988611870cdabd04fba38176555ca4815ffd4e
- SHA256
  
  ed84a6cb70969bc490e4b72bd028652cde787dcda41b5cfa7ed18ed7f592b9eb
- SHA512
  
  62c16119c5aceac7859fd9d9fadd19535319f73b1dd1f0169b715471a51d2b65238fe161f438241e00f63e9540610596937d06dd057460751b7e61cc4af4f18d
- SSDEEP
  
  6144:hsonJH5wognja6Uqd2GhNBSgDh0kBE7woo3eDYCFwdjLvgSHKAm9:PHgjUi2iNtDuk67ZPDfFwdLvhM
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan