lokibot | e0fa6c966f07e112cf5c5e78a8d421aba10d7a05e0e3a7f352be03e0ad5389b1 | Triage

Sharing

General

Target

e0fa6c966f07e112cf5c5e78a8d421aba10d7a05e0e3a7f352be03e0ad5389b1.exe
Size

798KB
Sample

210114-6zgrv7wwn2
MD5

b0a6d1001d3f2e90e0851497f05ef521
SHA1

bea9f7d72caa5ecdaf71c6dda354298378e0d984
SHA256

e0fa6c966f07e112cf5c5e78a8d421aba10d7a05e0e3a7f352be03e0ad5389b1
SHA512

8fab47c798f15cb04e08d68615e7fac97fb6e3f264741e3634f9bedaeecc0649706fa1c0e657e560b3b4dfd62da14f6ea01c8e3c7444e49ba058f96d7fd5f0a0

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/qElaNgWyezEFV

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  e0fa6c966f07e112cf5c5e78a8d421aba10d7a05e0e3a7f352be03e0ad5389b1.exe
- Size
  
  798KB
- MD5
  
  b0a6d1001d3f2e90e0851497f05ef521
- SHA1
  
  bea9f7d72caa5ecdaf71c6dda354298378e0d984
- SHA256
  
  e0fa6c966f07e112cf5c5e78a8d421aba10d7a05e0e3a7f352be03e0ad5389b1
- SHA512
  
  8fab47c798f15cb04e08d68615e7fac97fb6e3f264741e3634f9bedaeecc0649706fa1c0e657e560b3b4dfd62da14f6ea01c8e3c7444e49ba058f96d7fd5f0a0
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan