lokibot | 4ed4c6dc0931fc532768d6b208faf7ed7281427c417a048a013c8a7104707582 | Triage

Sharing

General

Target

4ed4c6dc0931fc532768d6b208faf7ed7281427c417a048a013c8a7104707582.exe
Size

378KB
Sample

210115-b8j2pwbcz2
MD5

c86b7d3e1fa2ddaf8ed7b3bff609502d
SHA1

d811b866f76d296fc16101aa572e88de58867f46
SHA256

4ed4c6dc0931fc532768d6b208faf7ed7281427c417a048a013c8a7104707582
SHA512

ff851e91924a3c8e40659e1a6714c7b6e3f8fb619da73cb53a676719257a10cae658e662bf3da4b6462d4056e8c01d0aafbce189f28b442b82e373a0825cd90b

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/pXqVbj1ory8MD

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  4ed4c6dc0931fc532768d6b208faf7ed7281427c417a048a013c8a7104707582.exe
- Size
  
  378KB
- MD5
  
  c86b7d3e1fa2ddaf8ed7b3bff609502d
- SHA1
  
  d811b866f76d296fc16101aa572e88de58867f46
- SHA256
  
  4ed4c6dc0931fc532768d6b208faf7ed7281427c417a048a013c8a7104707582
- SHA512
  
  ff851e91924a3c8e40659e1a6714c7b6e3f8fb619da73cb53a676719257a10cae658e662bf3da4b6462d4056e8c01d0aafbce189f28b442b82e373a0825cd90b
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan