lokibot | 9010e5361743ddacac6baa4a585ed4d9db9ed3ce65401b012d16923afebe414f | Triage

Sharing

General

Target

dd56737c942385f2ab60a3e80a175ed2.exe
Size

985KB
Sample

210113-rxvvfnl8qs
MD5

dd56737c942385f2ab60a3e80a175ed2
SHA1

1a990bf3c300b119de7b9f6f16b246c6a8848855
SHA256

9010e5361743ddacac6baa4a585ed4d9db9ed3ce65401b012d16923afebe414f
SHA512

e1a5c778629068c23af7884db21f0e96a16ddb52f24934bf1b7a945632db902ad41f4bfb7749d8ed6280c0bc1e1a4fa51598d6f53f7988c0bf65a7b920dc1a1b

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://azzmtool.com/chief/offor/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  dd56737c942385f2ab60a3e80a175ed2.exe
- Size
  
  985KB
- MD5
  
  dd56737c942385f2ab60a3e80a175ed2
- SHA1
  
  1a990bf3c300b119de7b9f6f16b246c6a8848855
- SHA256
  
  9010e5361743ddacac6baa4a585ed4d9db9ed3ce65401b012d16923afebe414f
- SHA512
  
  e1a5c778629068c23af7884db21f0e96a16ddb52f24934bf1b7a945632db902ad41f4bfb7749d8ed6280c0bc1e1a4fa51598d6f53f7988c0bf65a7b920dc1a1b
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan