lokibot | 4de85d50d42bfbba02fc9fde0c63803d2c6122e68f91df1a953375008457dfa9 | Triage

Sharing

General

Target

JaffaCakes118_eaf9500b8bf84abef0a6925ee3ddc0b6
Size

531KB
Sample

250110-w19cysvjgm
MD5

eaf9500b8bf84abef0a6925ee3ddc0b6
SHA1

9763222fe3bc6c5fb9f41437286c56375c72a900
SHA256

4de85d50d42bfbba02fc9fde0c63803d2c6122e68f91df1a953375008457dfa9
SHA512

90633c3de23439ba415f88b38aadb51d35bc2b73d7baeb288503bc1380941e1aa77e3dda38e15b941e903b0846bbcf82b72db72afac24fc5b243d7d0a5a7adbe
SSDEEP

12288:IkgzrbsG+zYluM/r+JiC3L9ptKQvxXWsyZuZiTJfoXSJhVXB:lm/ZuIFo8hVXB

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://37.0.10.190/non/z/pin.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  JaffaCakes118_eaf9500b8bf84abef0a6925ee3ddc0b6
- Size
  
  531KB
- MD5
  
  eaf9500b8bf84abef0a6925ee3ddc0b6
- SHA1
  
  9763222fe3bc6c5fb9f41437286c56375c72a900
- SHA256
  
  4de85d50d42bfbba02fc9fde0c63803d2c6122e68f91df1a953375008457dfa9
- SHA512
  
  90633c3de23439ba415f88b38aadb51d35bc2b73d7baeb288503bc1380941e1aa77e3dda38e15b941e903b0846bbcf82b72db72afac24fc5b243d7d0a5a7adbe
- SSDEEP
  
  12288:IkgzrbsG+zYluM/r+JiC3L9ptKQvxXWsyZuZiTJfoXSJhVXB:lm/ZuIFo8hVXB
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Uses the VBS compiler for execution
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan