lokibot | 56790883c5da2b30d0f089454ab67a354d98de2a7796e34d0438e0b515a3ec3d | Triage

Sharing

General

Target

56790883c5da2b30d0f089454ab67a354d98de2a7796e34d0438e0b515a3ec3d.exe
Size

632KB
Sample

201205-d5zftelzjn
MD5

f6c704a0363a8b530d9beb4e07cea5de
SHA1

2c3096f67064ffa63e785dd34b4b0ecdce975e77
SHA256

56790883c5da2b30d0f089454ab67a354d98de2a7796e34d0438e0b515a3ec3d
SHA512

619c49e75074d696759a4cb4ce1f95eb9f1295c8870b73864dea9452fb6e88adeebdda5c32b79eb909bd336cf319baeb8f01f5323c761651eacff803f6382b7a

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://webtex.ga/rojas/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  56790883c5da2b30d0f089454ab67a354d98de2a7796e34d0438e0b515a3ec3d.exe
- Size
  
  632KB
- MD5
  
  f6c704a0363a8b530d9beb4e07cea5de
- SHA1
  
  2c3096f67064ffa63e785dd34b4b0ecdce975e77
- SHA256
  
  56790883c5da2b30d0f089454ab67a354d98de2a7796e34d0438e0b515a3ec3d
- SHA512
  
  619c49e75074d696759a4cb4ce1f95eb9f1295c8870b73864dea9452fb6e88adeebdda5c32b79eb909bd336cf319baeb8f01f5323c761651eacff803f6382b7a
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan