lokibot | 5128bb068a8ab072f70e24e50edbb76198f9ed7859534505cf62c067bb1221de | Triage

Sharing

General

Target

5128bb068a8ab072f70e24e50edbb76198f9ed7859534505cf62c067bb1221de.exe
Size

533KB
Sample

210115-15v8ej4m6e
MD5

c3aa9cf0cc1155132139e619fded88e4
SHA1

7a68d37d0b9c8bb49c40945e7cd7f8480d6ac635
SHA256

5128bb068a8ab072f70e24e50edbb76198f9ed7859534505cf62c067bb1221de
SHA512

55e4a87be9e1b729da8327abf817e357286cbf67134359c277028cf82869ce44fc30fa1308c3e9e5d1a8a676eea6df117af2b8b4a42ec2e056c1e5aacb401b5a

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/cfOoZYb0LXPms

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  5128bb068a8ab072f70e24e50edbb76198f9ed7859534505cf62c067bb1221de.exe
- Size
  
  533KB
- MD5
  
  c3aa9cf0cc1155132139e619fded88e4
- SHA1
  
  7a68d37d0b9c8bb49c40945e7cd7f8480d6ac635
- SHA256
  
  5128bb068a8ab072f70e24e50edbb76198f9ed7859534505cf62c067bb1221de
- SHA512
  
  55e4a87be9e1b729da8327abf817e357286cbf67134359c277028cf82869ce44fc30fa1308c3e9e5d1a8a676eea6df117af2b8b4a42ec2e056c1e5aacb401b5a
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan