lokibot

General

Target

404f2420708cee39bb4f5c17d735a5c24a9d71efa5dc74aaedb434ff5254e72c.exe
Size

332KB
Sample

200707-yd915x2b4n
MD5

dd03071b4a17130fcff4f9fb5b4fd533
SHA1

8a038e1ed5dcede0207e2267890a7dc9393d28ef
SHA256

404f2420708cee39bb4f5c17d735a5c24a9d71efa5dc74aaedb434ff5254e72c
SHA512

6f94f89dda5c2e6bca2a61219cfa30631751c3dce73c375b9515fb2493ae5709be18ba23f0eb9b06cd6e2a30af50e2dbd6326c06305569bb64a75aca3f736c8e

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://195.69.140.147/.op/cr.php/xbqxHCR0T1UiD

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  404f2420708cee39bb4f5c17d735a5c24a9d71efa5dc74aaedb434ff5254e72c.exe
- Size
  
  332KB
- MD5
  
  dd03071b4a17130fcff4f9fb5b4fd533
- SHA1
  
  8a038e1ed5dcede0207e2267890a7dc9393d28ef
- SHA256
  
  404f2420708cee39bb4f5c17d735a5c24a9d71efa5dc74aaedb434ff5254e72c
- SHA512
  
  6f94f89dda5c2e6bca2a61219cfa30631751c3dce73c375b9515fb2493ae5709be18ba23f0eb9b06cd6e2a30af50e2dbd6326c06305569bb64a75aca3f736c8e
Score

10^/10

trojan spyware stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2