lokibot | e09a6d651f6bbb29c9de2321977d94d7eadf264ca3eb6bd0b7a6876cd6e4866a | Triage

Sharing

General

Target

e09a6d651f6bbb29c9de2321977d94d7eadf264ca3eb6bd0b7a6876cd6e4866a.exe
Size

718KB
Sample

210113-epq8twx4ks
MD5

6fae6d93b3909aebb73a95805a159fca
SHA1

f4089ce9e6b8889fc9e8da29ec4634fc47f44770
SHA256

e09a6d651f6bbb29c9de2321977d94d7eadf264ca3eb6bd0b7a6876cd6e4866a
SHA512

f9feaf71dce52572d8cf425720253e3926c78f541c0e166bcefdbb40dc24ff32dadc24f2b14fc80ee63104dcfd8d7420cab1c026b36f7411ad8dea02937d2d58

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://becharnise.ir/fa2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  e09a6d651f6bbb29c9de2321977d94d7eadf264ca3eb6bd0b7a6876cd6e4866a.exe
- Size
  
  718KB
- MD5
  
  6fae6d93b3909aebb73a95805a159fca
- SHA1
  
  f4089ce9e6b8889fc9e8da29ec4634fc47f44770
- SHA256
  
  e09a6d651f6bbb29c9de2321977d94d7eadf264ca3eb6bd0b7a6876cd6e4866a
- SHA512
  
  f9feaf71dce52572d8cf425720253e3926c78f541c0e166bcefdbb40dc24ff32dadc24f2b14fc80ee63104dcfd8d7420cab1c026b36f7411ad8dea02937d2d58
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan