lokibot | 4d3e8c6d43fcdf1f060986547c0d0af4a27c4ebe9377b374c6981f27d317d5cf | Triage

Sharing

General

Target

4d3e8c6d43fcdf1f060986547c0d0af4a27c4ebe9377b374c6981f27d317d5cf.exe
Size

265KB
Sample

200529-g78nbqb5ps
MD5

9da76ccff3dba8b0a81bcaa89e16eb0a
SHA1

c101fab4d20ea8848870caffb88a5f7cce06c8aa
SHA256

4d3e8c6d43fcdf1f060986547c0d0af4a27c4ebe9377b374c6981f27d317d5cf
SHA512

704e0030b8ba9f6c25165b10c10047d850a0bf448f926e67781236fb0e8ef93deac531f9a97458297993da7a279d22d2c8957975c1517b58731a55b8195a0489

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://20gharch.ir/catalog/mike/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  4d3e8c6d43fcdf1f060986547c0d0af4a27c4ebe9377b374c6981f27d317d5cf.exe
- Size
  
  265KB
- MD5
  
  9da76ccff3dba8b0a81bcaa89e16eb0a
- SHA1
  
  c101fab4d20ea8848870caffb88a5f7cce06c8aa
- SHA256
  
  4d3e8c6d43fcdf1f060986547c0d0af4a27c4ebe9377b374c6981f27d317d5cf
- SHA512
  
  704e0030b8ba9f6c25165b10c10047d850a0bf448f926e67781236fb0e8ef93deac531f9a97458297993da7a279d22d2c8957975c1517b58731a55b8195a0489
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywaretrojanstealerlokibot

behavioral2

spywaretrojanstealerlokibot