lokibot | b0c319afdb0f2e082ffd442716c5adbf17b663d65b3a175f7624b4b047f3f1a9 | Triage

Sharing

General

Target

b0c319afdb0f2e082ffd442716c5adbf17b663d65b3a175f7624b4b047f3f1a9.exe
Size

594KB
Sample

200529-76pjmhvzta
MD5

c5dffe2ac05bc45d1cada578d4aa29d9
SHA1

d250030143d84168e640f202ebb09197fd0abdd6
SHA256

b0c319afdb0f2e082ffd442716c5adbf17b663d65b3a175f7624b4b047f3f1a9
SHA512

35c96a7d91da53031c3fc2c18505e834f22f8a58faddc1e1100b34ea970707d8e2728e552ae5d32694cce346c33d3f911d68922c83a925356cbe9d051f34cfa6

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://rob1nsonus.tk/Obi/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  b0c319afdb0f2e082ffd442716c5adbf17b663d65b3a175f7624b4b047f3f1a9.exe
- Size
  
  594KB
- MD5
  
  c5dffe2ac05bc45d1cada578d4aa29d9
- SHA1
  
  d250030143d84168e640f202ebb09197fd0abdd6
- SHA256
  
  b0c319afdb0f2e082ffd442716c5adbf17b663d65b3a175f7624b4b047f3f1a9
- SHA512
  
  35c96a7d91da53031c3fc2c18505e834f22f8a58faddc1e1100b34ea970707d8e2728e552ae5d32694cce346c33d3f911d68922c83a925356cbe9d051f34cfa6
Score

10^/10

trojan spyware stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trojanspywarestealerlokibot

behavioral2

spywaretrojanstealerlokibot