lokibot | a8d610f19e96de89a6f0ca74140b1ce763cb5f2cf2755f17ed411f81eed9bf2f | Triage

Sharing

General

Target

0fc7bb462e9828b1d1a8e6eb348496f7.exe
Size

612KB
Sample

210113-m3kl685l1n
MD5

0fc7bb462e9828b1d1a8e6eb348496f7
SHA1

2960267bf2e2a31bf2874bda6bc638eb3d0c1d09
SHA256

a8d610f19e96de89a6f0ca74140b1ce763cb5f2cf2755f17ed411f81eed9bf2f
SHA512

a95d2b237c7cdfd74042bd9c8ff04436b4de5fe99bf10f4b9e23f4d95e0bb4000be4e6485cbb84056eaa462faa307d19573e6fb6a2f324cd009855462e9184d2

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://azzmtool.com/chief/offor/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  0fc7bb462e9828b1d1a8e6eb348496f7.exe
- Size
  
  612KB
- MD5
  
  0fc7bb462e9828b1d1a8e6eb348496f7
- SHA1
  
  2960267bf2e2a31bf2874bda6bc638eb3d0c1d09
- SHA256
  
  a8d610f19e96de89a6f0ca74140b1ce763cb5f2cf2755f17ed411f81eed9bf2f
- SHA512
  
  a95d2b237c7cdfd74042bd9c8ff04436b4de5fe99bf10f4b9e23f4d95e0bb4000be4e6485cbb84056eaa462faa307d19573e6fb6a2f324cd009855462e9184d2
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan