lokibot | b64ddd178d652c5432004449edc53fea2abdba8633259b4d8b329e1c8484e98a | Triage

Sharing

General

Target

eb10f63dfbef8562e34771e306f52c8a.exe
Size

100KB
Sample

200731-djnxcwgwgn
MD5

eb10f63dfbef8562e34771e306f52c8a
SHA1

daad8c52400fbdcec0a1f8365d3a061087ada11d
SHA256

b64ddd178d652c5432004449edc53fea2abdba8633259b4d8b329e1c8484e98a
SHA512

a426eb862442ea9b92d927df935fc49ccffa3f965be9493cedda03c6a4d2c0d7361073d10a431b9f012e1adca867b8f3e161e291fe0c4372beb84dfe70968219

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://104.223.143.234/coconut/Panel/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  eb10f63dfbef8562e34771e306f52c8a.exe
- Size
  
  100KB
- MD5
  
  eb10f63dfbef8562e34771e306f52c8a
- SHA1
  
  daad8c52400fbdcec0a1f8365d3a061087ada11d
- SHA256
  
  b64ddd178d652c5432004449edc53fea2abdba8633259b4d8b329e1c8484e98a
- SHA512
  
  a426eb862442ea9b92d927df935fc49ccffa3f965be9493cedda03c6a4d2c0d7361073d10a431b9f012e1adca867b8f3e161e291fe0c4372beb84dfe70968219
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywaretrojanstealerlokibot

behavioral2

trojanspywarestealerlokibot