lokibot | c4e932b8211725c1cf075196b3c505dfaaaa16b3d96303561f3a4d4592310016 | Triage

Sharing

General

Target

c4e932b8211725c1cf075196b3c505dfaaaa16b3d96303561f3a4d4592310016.exe
Size

595KB
Sample

200529-w42tz5v84e
MD5

782040dfe7a260370bfb081fb3c1086c
SHA1

bcff1188aff971286210fc3a2e4ed437a76607a1
SHA256

c4e932b8211725c1cf075196b3c505dfaaaa16b3d96303561f3a4d4592310016
SHA512

e84cb30fc711969bbe0aabf0285d76876d07fa3f17160798b50bb0607c522a3769e56d623f72ae64fb49989e5ba9bec319e024aa63cd2dbcc202cfbf2b55528f

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://superson.cf/Darren/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  c4e932b8211725c1cf075196b3c505dfaaaa16b3d96303561f3a4d4592310016.exe
- Size
  
  595KB
- MD5
  
  782040dfe7a260370bfb081fb3c1086c
- SHA1
  
  bcff1188aff971286210fc3a2e4ed437a76607a1
- SHA256
  
  c4e932b8211725c1cf075196b3c505dfaaaa16b3d96303561f3a4d4592310016
- SHA512
  
  e84cb30fc711969bbe0aabf0285d76876d07fa3f17160798b50bb0607c522a3769e56d623f72ae64fb49989e5ba9bec319e024aa63cd2dbcc202cfbf2b55528f
Score

10^/10

trojan spyware stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

trojanspywarestealerlokibot

behavioral2

spywaretrojanstealerlokibot