lokibot | 0c26809f50f5349e7270d6a183a509a37356ea6109cced6f723236f86ae03a98 | Triage

Submit
Reports

Overview

overview

Static

static

3

15458418d8...18.exe

windows7-x64

15458418d8...18.exe

windows10-2004-x64

Sharing

General

Target

15458418d8327e36deaf27b44ef130ff_JaffaCakes118
Size

676KB
Sample

240627-j2hv6sshkq
MD5

15458418d8327e36deaf27b44ef130ff
SHA1

86569ce90fde2f4d7c9df765bc4211c5d8745391
SHA256

0c26809f50f5349e7270d6a183a509a37356ea6109cced6f723236f86ae03a98
SHA512

455df069e9fe73d1ad954f51e20b1b351e61cbbc19420372e30a6782c913fce0e91b80436aaa376b66be87fc67c0701199b922c46662ce617e782a97c139fc71
SSDEEP

12288:2fJzgG7TY76z6hGUOirIET1+6lHwqh6QFeH0sc2lnrZkts12ynvec8c7Ni5sPQmO:UzN6YktxTH5H

Score

10^/10

lokibot collection spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

15458418d8327e36deaf27b44ef130ff_JaffaCakes118.exe

Resource

win7-20240508-en

lokibot collection spyware stealer trojan

windows7-x64

11 signatures

150 seconds

Behavioral task

behavioral2

Sample

15458418d8327e36deaf27b44ef130ff_JaffaCakes118.exe

Resource

win10v2004-20240508-en

lokibot collection spyware stealer trojan

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Extracted

Family

lokibot

C2

http://142.11.210.173/1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  15458418d8327e36deaf27b44ef130ff_JaffaCakes118
- Size
  
  676KB
- MD5
  
  15458418d8327e36deaf27b44ef130ff
- SHA1
  
  86569ce90fde2f4d7c9df765bc4211c5d8745391
- SHA256
  
  0c26809f50f5349e7270d6a183a509a37356ea6109cced6f723236f86ae03a98
- SHA512
  
  455df069e9fe73d1ad954f51e20b1b351e61cbbc19420372e30a6782c913fce0e91b80436aaa376b66be87fc67c0701199b922c46662ce617e782a97c139fc71
- SSDEEP
  
  12288:2fJzgG7TY76z6hGUOirIET1+6lHwqh6QFeH0sc2lnrZkts12ynvec8c7Ni5sPQmO:UzN6YktxTH5H
Score

10^/10

lokibot collection spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Scheduled Task/Job

Scheduled Task

Persistence

Scheduled Task/Job

Scheduled Task

Privilege Escalation

Scheduled Task/Job

Scheduled Task

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Email Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

lokibotcollectionspywarestealertrojan

behavioral2

lokibotcollectionspywarestealertrojan

© 2018-2024

Terms | Privacy