lokibot

General

Target

fe779878cbea958f6edba5361e2f593b2c20edb75bec28f663bafc649effb359N.exe
Size

1.4MB
Sample

250117-sw4p5atrgq
MD5

1e209fdc3bcf2ecd44050761a550b970
SHA1

44e8b42fb2302493b9df1b886d38306a88b83472
SHA256

fe779878cbea958f6edba5361e2f593b2c20edb75bec28f663bafc649effb359
SHA512

412d7b4b20333e9b8db41ea89a9d9c47bee6cfca6fcdb93b2c477fc6eae40d0a79043a2c727bb2a8bebea0a75ce121e7d0d9d582a89143ccf612a9ee8ef04eb4
SSDEEP

24576:UBxkAUaE5ZOev1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:YWaEzBjLoyEkmZ9Y14

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://2.59.254.19/noko/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  fe779878cbea958f6edba5361e2f593b2c20edb75bec28f663bafc649effb359N.exe
- Size
  
  1.4MB
- MD5
  
  1e209fdc3bcf2ecd44050761a550b970
- SHA1
  
  44e8b42fb2302493b9df1b886d38306a88b83472
- SHA256
  
  fe779878cbea958f6edba5361e2f593b2c20edb75bec28f663bafc649effb359
- SHA512
  
  412d7b4b20333e9b8db41ea89a9d9c47bee6cfca6fcdb93b2c477fc6eae40d0a79043a2c727bb2a8bebea0a75ce121e7d0d9d582a89143ccf612a9ee8ef04eb4
- SSDEEP
  
  24576:UBxkAUaE5ZOev1RIAhjLoamMiX4lNmZg0YxegPbUIDPP:YWaEzBjLoyEkmZ9Y14
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lokibot family

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2