lokibot

General

Target

RFQ Valves 664KU.exe
Size

1.1MB
Sample

201217-2mtas5sgds
MD5

3352c3dec270a79c54d41ba24ed4d40a
SHA1

24871d56b5af7b56cb06923c07aec98eb8f51e55
SHA256

016fa792f8385aa4279c96be727537b054dc89e5f58d1b90f271e37c8cad9c00
SHA512

df368f92079ab6600bbf11d31e2d7c2d760a88406caad31823d417fa06d26785295b5c4824e88d4b45dc69de1006f870a19236f43858a7660bf934d28c11a0ab

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://gandokiblit.pw/.blessdnewweek/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  RFQ Valves 664KU.exe
- Size
  
  1.1MB
- MD5
  
  3352c3dec270a79c54d41ba24ed4d40a
- SHA1
  
  24871d56b5af7b56cb06923c07aec98eb8f51e55
- SHA256
  
  016fa792f8385aa4279c96be727537b054dc89e5f58d1b90f271e37c8cad9c00
- SHA512
  
  df368f92079ab6600bbf11d31e2d7c2d760a88406caad31823d417fa06d26785295b5c4824e88d4b45dc69de1006f870a19236f43858a7660bf934d28c11a0ab
Score

10^/10

modiloader trojan lokibot persistence spyware stealer
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
- Executes dropped EXE
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

ModiLoader First Stage

Executes dropped EXE

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2