lokibot | 68ce4c2d58b6b9ea56c0e3b2fd4cd0fb6f66396346c3f56f3a1020d11bfcf68b | Triage

Sharing

General

Target

68ce4c2d58b6b9ea56c0e3b2fd4cd0fb6f66396346c3f56f3a1020d11bfcf68b
Size

496KB
Sample

250220-bhafpatkar
MD5

9fcd69cffcf13fd5d7230a94b96997e4
SHA1

45380d2421762aa8220060eec7fda31e24b959f1
SHA256

68ce4c2d58b6b9ea56c0e3b2fd4cd0fb6f66396346c3f56f3a1020d11bfcf68b
SHA512

fe5748275b25ca12c3a0e514c6640c9bddd0d06b8f06e0670bc01791e8140f8ae590afa83759887438143fc103b56272f27cc10a95c291fa457a0a40b189f0ca
SSDEEP

12288:w3vNGY2Ow4Fuya1ghBEbbwjT10DdiB7Sgi1XyIux:YcSw+UgXYbC1Oda7SnY

Score

10^/10

lokibot collection discovery spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://198.187.30.47/p.php?id=21645050038542306

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  68ce4c2d58b6b9ea56c0e3b2fd4cd0fb6f66396346c3f56f3a1020d11bfcf68b
- Size
  
  496KB
- MD5
  
  9fcd69cffcf13fd5d7230a94b96997e4
- SHA1
  
  45380d2421762aa8220060eec7fda31e24b959f1
- SHA256
  
  68ce4c2d58b6b9ea56c0e3b2fd4cd0fb6f66396346c3f56f3a1020d11bfcf68b
- SHA512
  
  fe5748275b25ca12c3a0e514c6640c9bddd0d06b8f06e0670bc01791e8140f8ae590afa83759887438143fc103b56272f27cc10a95c291fa457a0a40b189f0ca
- SSDEEP
  
  12288:w3vNGY2Ow4Fuya1ghBEbbwjT10DdiB7Sgi1XyIux:YcSw+UgXYbC1Oda7SnY
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotcollectiondiscoveryspywarestealertrojan

behavioral2

lokibotcollectiondiscoveryspywarestealertrojan