lokibot | f6b28caa545c754cd1c400bca51eecdda1a2ae017c5737320a359a61ed2d25f9 | Triage

Sharing

General

Target

12022025_0653_Objednávka_(PO208919)_Agropodnik_A.S_Trnava.exe.iso
Size

266KB
Sample

250212-hntvva1ngv
MD5

f92abb2861ce41d7f23f45248d5f89e9
SHA1

db50fe92682c480e24d1c0ac6736434a62898c36
SHA256

f6b28caa545c754cd1c400bca51eecdda1a2ae017c5737320a359a61ed2d25f9
SHA512

c486bfd0cd85c7a639691e889f96579051f6c4dfaa3249e3fcb75d5980c2bd58921425ec101564a4fb8de3bc9c566b6a0ab328d5d4eed7db598c6521e1a2254f
SSDEEP

3072:+/hjZYOLYwIs9rLM2OXps4qlALF3r1u45Iymcwm6Upm/W6OEAmjc+e:2hjpLjG64D9j5Tb6wm/uEAmg+

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

https://taurusfood-com-ua.cfd/RLO/PWS/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Objednávka_(PO208919)_Agropodnik_A.S_Trnava.exe
- Size
  
  205KB
- MD5
  
  522be3a6169aafdcd8cb667335561a1e
- SHA1
  
  9d973aa0c89ef14d8352655fa96fda19199e2f1d
- SHA256
  
  607ae2812c4933e7dc70081e55dac398f6729e32708ab1a723c2340dca6bd501
- SHA512
  
  1cdeb1798ec1bbd77db3592606d6781d4ed77ae87021609d549814ca6eee037cd8b918bf7b21d9dd949f5fe4ac34d4ad7c5b0d019744137f7b41291c0f6acc6f
- SSDEEP
  
  3072:w/hjZYOLYwIs9rLM2OXps4qlALF3r1u45Iymcwm6Upm/W6OEAmjc+e:ohjpLjG64D9j5Tb6wm/uEAmg+
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Downloads MZ/PE file
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan