lokibot | d346086418bbd48dabcfb8ea48bad551ec66d79c3c0a2e198cd3a1083a80057f | Triage

Sharing

General

Target

QUOTATION22110577.exe
Size

394KB
Sample

201126-1p8wlke372
MD5

025c9e5be7bf95f51225106ef7e7f7b9
SHA1

c080a077177bd72e4e05d6edba282b7ca5b026e2
SHA256

d346086418bbd48dabcfb8ea48bad551ec66d79c3c0a2e198cd3a1083a80057f
SHA512

9564652112dc3f13dee4ffbc49f2dce62a2dfc17e0698d216f408253531867579af29f3b62b6cd0419d7cacaa67f65aafd52c9d2f3a833455532aa26f8310817

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://greenitylogistics.com/scss/bootstrap/mixinss/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  QUOTATION22110577.exe
- Size
  
  394KB
- MD5
  
  025c9e5be7bf95f51225106ef7e7f7b9
- SHA1
  
  c080a077177bd72e4e05d6edba282b7ca5b026e2
- SHA256
  
  d346086418bbd48dabcfb8ea48bad551ec66d79c3c0a2e198cd3a1083a80057f
- SHA512
  
  9564652112dc3f13dee4ffbc49f2dce62a2dfc17e0698d216f408253531867579af29f3b62b6cd0419d7cacaa67f65aafd52c9d2f3a833455532aa26f8310817
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan