lokibot | 9ac54737e9bab406e1917f570309df5b9e58ccd3d577182eb144c4ff31bf1c14 | Triage

Sharing

General

Target

sample-326818-ce22301d051462466b6541f1e9263681.zip
Size

493KB
Sample

201205-wwtg8c6a9j
MD5

17d3ada48c97b33fa69698d1009255c0
SHA1

53c2afb5b915362401be89339656420c56941374
SHA256

9ac54737e9bab406e1917f570309df5b9e58ccd3d577182eb144c4ff31bf1c14
SHA512

dd732c8de26e02f221f6f606166cad1d4874b6db62e247d69665b530d5cfbd87f2f6bdeb775bc3440c9511f697806c5a1662040a96c05b1f2e760bb91a3531e5

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://45.134.225.18/plesk-site-preview/endustrigm.eu/http/45.134.225.18/garuba/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  test.exe
- Size
  
  834KB
- MD5
  
  ce22301d051462466b6541f1e9263681
- SHA1
  
  9af1d6f86678676ba18473df401e5cb97dc6d848
- SHA256
  
  81560d06eda75455260687223087f29f54c1a95d2b4e51ed4f3801e3d948cdba
- SHA512
  
  2dd55213e108494f05e86dc3fae5bd28f9a9d9d90471c829400c065f3264c230e2624b604f9082ab697b2691815de9c68dd2d1b69ec2647f510fa930187a9fb0
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan