lokibot | d236ee873e8191d24434226bc7b80f0542db7ed43323181b5ee8bc3a3de052cc | Triage

Sharing

General

Target

d236ee873e8191d24434226bc7b80f0542db7ed43323181b5ee8bc3a3de052cc.exe
Size

979KB
Sample

210113-qhx2qnn67s
MD5

d6fc664bb8081dbf36630f415ec96dcf
SHA1

d6252d55da7f1036fe33049dbb65b1b68c477599
SHA256

d236ee873e8191d24434226bc7b80f0542db7ed43323181b5ee8bc3a3de052cc
SHA512

e8a5d33a45c73a0e7fe1d9afe158921af332055399b69893d9d1727375da259429eb2805b424a992618077f1d4bf0c9ff782b81025f2ca5021826bc49bd30a39

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://azme-contractors.com/chief/kev/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  d236ee873e8191d24434226bc7b80f0542db7ed43323181b5ee8bc3a3de052cc.exe
- Size
  
  979KB
- MD5
  
  d6fc664bb8081dbf36630f415ec96dcf
- SHA1
  
  d6252d55da7f1036fe33049dbb65b1b68c477599
- SHA256
  
  d236ee873e8191d24434226bc7b80f0542db7ed43323181b5ee8bc3a3de052cc
- SHA512
  
  e8a5d33a45c73a0e7fe1d9afe158921af332055399b69893d9d1727375da259429eb2805b424a992618077f1d4bf0c9ff782b81025f2ca5021826bc49bd30a39
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan