lokibot

General

Target

BankSlip_pdf.exe
Size

932KB
Sample

250224-kch1batl13
MD5

f0f08d78a83a15b9aaf07ae320fd1737
SHA1

ff9c8bbd595991ee633ec43c79a52e5b3ee4ed45
SHA256

dfc9bad6efe2b1ff8eb0b0757672044a9a0054161fce034e9ed296cd3fafddc2
SHA512

8f76c2427dabd03523914c05c3f93acc9b17ee89cf9f5a7ba524d667f1e74374fb5c53781fd7ea90f4baa1886ca021f195d3f4e2e13b7617fd23ed82f528ae30
SSDEEP

12288:nu6JWgXT7rKfXNeKgOIc0nAWY/ySWHDVz/Vovh7V1C0NnCGso9fgBDYgaOT7SWWh:nu6J33O0c+JY5UZ+XC0kGso6Fa27SWY

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://94.156.177.41/sss1/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  BankSlip_pdf.exe
- Size
  
  932KB
- MD5
  
  f0f08d78a83a15b9aaf07ae320fd1737
- SHA1
  
  ff9c8bbd595991ee633ec43c79a52e5b3ee4ed45
- SHA256
  
  dfc9bad6efe2b1ff8eb0b0757672044a9a0054161fce034e9ed296cd3fafddc2
- SHA512
  
  8f76c2427dabd03523914c05c3f93acc9b17ee89cf9f5a7ba524d667f1e74374fb5c53781fd7ea90f4baa1886ca021f195d3f4e2e13b7617fd23ed82f528ae30
- SSDEEP
  
  12288:nu6JWgXT7rKfXNeKgOIc0nAWY/ySWHDVz/Vovh7V1C0NnCGso9fgBDYgaOT7SWWh:nu6J33O0c+JY5UZ+XC0kGso6Fa27SWY
Score

10^/10

lokibot collection discovery spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Lokibot family
  lokibot
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Email Collection

1

T1114

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Lokibot family

Accesses Microsoft Outlook profiles

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2