lokibot

General

Target

af72965aecd13c67c0e1416b597871dfe4ded290d17b4e267cce1e7bc6002e52.exe
Size

321KB
Sample

200717-6k2z7zn8fa
MD5

44743f989b05acaa14c474923202da53
SHA1

081dfcd3b9beccf1892092e0405914e244c55e2b
SHA256

af72965aecd13c67c0e1416b597871dfe4ded290d17b4e267cce1e7bc6002e52
SHA512

83a02a9d22cc407dbf9faf1d07171b7bd05555c3c867c791655e2d510ff5349c11748c117dca54862edd9fd93be6472629dc548e842e999b1ea9939ac6836e98

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://195.69.140.147/.op/cr.php/QQ9RX53CNTMRH

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  af72965aecd13c67c0e1416b597871dfe4ded290d17b4e267cce1e7bc6002e52.exe
- Size
  
  321KB
- MD5
  
  44743f989b05acaa14c474923202da53
- SHA1
  
  081dfcd3b9beccf1892092e0405914e244c55e2b
- SHA256
  
  af72965aecd13c67c0e1416b597871dfe4ded290d17b4e267cce1e7bc6002e52
- SHA512
  
  83a02a9d22cc407dbf9faf1d07171b7bd05555c3c867c791655e2d510ff5349c11748c117dca54862edd9fd93be6472629dc548e842e999b1ea9939ac6836e98
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks

static1

behavioral1

behavioral2