lokibot | e665d8433c9e96b567470eb29b4f2857911001759b66cafb40c1123befdaf458 | Triage

Sharing

General

Target

c31ead8d90b9c54c190ca138cd2676be.exe
Size

811KB
Sample

210115-1tz437enqx
MD5

c31ead8d90b9c54c190ca138cd2676be
SHA1

59ee610052c95f4ba5215cdbf0ea4bad33d28815
SHA256

e665d8433c9e96b567470eb29b4f2857911001759b66cafb40c1123befdaf458
SHA512

b1e84eaf7d03810d3adfb6814ca4a4894aa8516ab80b13d7868bd56682382b2960848aa9f8d2f1b252de2658a29be1e991b3e3642fd9ff01e695a8f1146fbd72

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://blueriiver-eu.com/chief/offor/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  c31ead8d90b9c54c190ca138cd2676be.exe
- Size
  
  811KB
- MD5
  
  c31ead8d90b9c54c190ca138cd2676be
- SHA1
  
  59ee610052c95f4ba5215cdbf0ea4bad33d28815
- SHA256
  
  e665d8433c9e96b567470eb29b4f2857911001759b66cafb40c1123befdaf458
- SHA512
  
  b1e84eaf7d03810d3adfb6814ca4a4894aa8516ab80b13d7868bd56682382b2960848aa9f8d2f1b252de2658a29be1e991b3e3642fd9ff01e695a8f1146fbd72
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan