lokibot | b0338b91aa0b369df2ae84cb60ab7d783111fdc4b5109ee4b60c8564a06a74b1 | Triage

Sharing

General

Target

b0338b91aa0b369df2ae84cb60ab7d783111fdc4b5109ee4b60c8564a06a74b1.exe
Size

649KB
Sample

200708-2q8r79347e
MD5

423aad880b270f56bc47d4748d0892b4
SHA1

dcfb56d0304e3549e2ca7d56e7c817fd90a04290
SHA256

b0338b91aa0b369df2ae84cb60ab7d783111fdc4b5109ee4b60c8564a06a74b1
SHA512

c45dfce215ce5a284248c3b5ed55d3f6c000dba073cd96660b065454451afe3d389ca52f1e01972038ba9c51c53de0b1315d20411eec61176b751782f6289a4b

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://mecharnise.ir/ea7/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  b0338b91aa0b369df2ae84cb60ab7d783111fdc4b5109ee4b60c8564a06a74b1.exe
- Size
  
  649KB
- MD5
  
  423aad880b270f56bc47d4748d0892b4
- SHA1
  
  dcfb56d0304e3549e2ca7d56e7c817fd90a04290
- SHA256
  
  b0338b91aa0b369df2ae84cb60ab7d783111fdc4b5109ee4b60c8564a06a74b1
- SHA512
  
  c45dfce215ce5a284248c3b5ed55d3f6c000dba073cd96660b065454451afe3d389ca52f1e01972038ba9c51c53de0b1315d20411eec61176b751782f6289a4b
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

spywaretrojanstealerlokibot

behavioral2

spywaretrojanstealerlokibot