lokibot

General

Target

C047P-T671-006.exe
Size

1.1MB
Sample

201220-49128fgtpj
MD5

496b5ed6b3ecf7d051753e8f0fc83fef
SHA1

4aef35d45541ad7b9500b5a097a023fb7e0418d4
SHA256

4879b08466a01b8e2ce44f95e462852573440a24dce3f1858292805c3fcd713f
SHA512

ac8535beb8c0d2df772dc9d8626ba5f706b8c32525608d747fd6e4306605069e28ab79e3655266d1e74829feca90e9410321aca65e07e8fd1654760b2a48566e

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://gandokiblit.pw/.blessdnewweek/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  C047P-T671-006.exe
- Size
  
  1.1MB
- MD5
  
  496b5ed6b3ecf7d051753e8f0fc83fef
- SHA1
  
  4aef35d45541ad7b9500b5a097a023fb7e0418d4
- SHA256
  
  4879b08466a01b8e2ce44f95e462852573440a24dce3f1858292805c3fcd713f
- SHA512
  
  ac8535beb8c0d2df772dc9d8626ba5f706b8c32525608d747fd6e4306605069e28ab79e3655266d1e74829feca90e9410321aca65e07e8fd1654760b2a48566e
Score

10^/10

lokibot modiloader persistence spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- ModiLoader, DBatLoader
  ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
  trojan modiloader
- ModiLoader First Stage
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1

T1060

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

ModiLoader, DBatLoader

ModiLoader First Stage

Adds Run key to start application

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2