lokibot

General

Target

a9990e98039ba3491532d56cef0b55982b162a0b67c77eeae8c128a2f98652a6.exe
Size

610KB
Sample

200708-c7a8ctbjkj
MD5

89aaf9fc5bb15426d80ffb8c983f1d14
SHA1

3c6f23b048214e07bf6c2a8ca914da6dc23ccb6a
SHA256

a9990e98039ba3491532d56cef0b55982b162a0b67c77eeae8c128a2f98652a6
SHA512

9b4602a0c12e20e4aa68f0112ba389ce459fb38890f582f2de81dc1438bd1f678bed528c9db99a2762d0ce2e36ba94ee1a4df4360aa0bb3b2e530b472cf1e907

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://rostovafile.ga/Colba2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  a9990e98039ba3491532d56cef0b55982b162a0b67c77eeae8c128a2f98652a6.exe
- Size
  
  610KB
- MD5
  
  89aaf9fc5bb15426d80ffb8c983f1d14
- SHA1
  
  3c6f23b048214e07bf6c2a8ca914da6dc23ccb6a
- SHA256
  
  a9990e98039ba3491532d56cef0b55982b162a0b67c77eeae8c128a2f98652a6
- SHA512
  
  9b4602a0c12e20e4aa68f0112ba389ce459fb38890f582f2de81dc1438bd1f678bed528c9db99a2762d0ce2e36ba94ee1a4df4360aa0bb3b2e530b472cf1e907
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2