lokibot

General

Target

08012025_1416_NOGHCV09872.cmd.zip
Size

631KB
Sample

250108-rrnbxawkam
MD5

ae1bd1e06ff88c9756533df7e75a06aa
SHA1

17e532f821d219bde8615d1325d71a7709b6cbd0
SHA256

c675632edea307355c72ddcc06979b9bd2917fda95ee46e15e1bd58ebb67de8f
SHA512

d952ffc5afce04355880e3bd23598d0e70c424b94aeb4bbf0fd5c9517e6c36c67a304493c02420faae0acdefe38bc82807add2641ef1fc57f1d45ae2c0c727f9
SSDEEP

12288:JhOFpVmWTu/8vZLPocZNy+/wcx28VX64RnYpE1p9WLLWzlejY24UcQCrlX98kzZu:J0wUt5P5tBxRqqIbnLc2vtCrc+4

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://172.245.123.11/tpm/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  NOGHCV09872.cmd
- Size
  
  657KB
- MD5
  
  14d9c4ea1e0aac13bb62e8913e5f8738
- SHA1
  
  c062261875473ba241637085ceb3a33631f1b333
- SHA256
  
  3dea4c555b6118e7963f57a4415692dda5c644e5675c6117c2846808e833191b
- SHA512
  
  1307ae1b1dd1aaeda153530125abed639c293ce9dd8b09176b2650ff4d6494cc98c727e53799904608fd65ec0fdeb69b322d158a1a4ee3b0c4b5ac9e25ed5126
- SSDEEP
  
  12288:KsHzOUNUSB/o5LsI1uwajJ5yvv1l25AMp9WV3W1l+LYIgUg4Clln98jx:9iUmSB/o5d1ubcvj5JUInjCl4t
Score

10^/10

lokibot collection discovery spyware stealer trojan upx
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Drops startup file
- Executes dropped EXE
- Loads dropped DLL
- Accesses Microsoft Outlook profiles
  collection
- AutoIT Executable
  AutoIT scripts compiled to PE executables.
- Suspicious use of SetThreadContext
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lokibot family

Drops startup file

Executes dropped EXE

Loads dropped DLL

Accesses Microsoft Outlook profiles

AutoIT Executable

Suspicious use of SetThreadContext

UPX packed file

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2