lokibot | 463688d6dfb7d1afcb6e3b13110542de17dd81cd271a79beb55d2916b5563c4c | Triage

Sharing

General

Target

JaffaCakes118_75d7e4d1730247c05bd66666c8902d56
Size

260KB
Sample

250107-yf6sfaxner
MD5

75d7e4d1730247c05bd66666c8902d56
SHA1

2670b4a3ee00a9c436d7ad5afcbf0176684225c7
SHA256

463688d6dfb7d1afcb6e3b13110542de17dd81cd271a79beb55d2916b5563c4c
SHA512

d4c13c61d5dcfbf0524a11119fe748f3db9c3eebe5c7e27b62aef6cf48338e6cba180a6cac2f47317c9306e18d593a792f314cd46af622293be67c1d288f1dca
SSDEEP

6144:cnhyn+X8BezX321bKbGrdXso/eIADG8el:chynmcez21mnHxD

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://63.250.40.204/~wpdemo/file.php?search=386869

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  JaffaCakes118_75d7e4d1730247c05bd66666c8902d56
- Size
  
  260KB
- MD5
  
  75d7e4d1730247c05bd66666c8902d56
- SHA1
  
  2670b4a3ee00a9c436d7ad5afcbf0176684225c7
- SHA256
  
  463688d6dfb7d1afcb6e3b13110542de17dd81cd271a79beb55d2916b5563c4c
- SHA512
  
  d4c13c61d5dcfbf0524a11119fe748f3db9c3eebe5c7e27b62aef6cf48338e6cba180a6cac2f47317c9306e18d593a792f314cd46af622293be67c1d288f1dca
- SSDEEP
  
  6144:cnhyn+X8BezX321bKbGrdXso/eIADG8el:chynmcez21mnHxD
Score

10^/10

lokibot collection spyware stealer trojan discovery
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan