lokibot | dd715a1b1f733c57f100877432d8e365c0efe519cda845c0e37ebd58886dbea6 | Triage

Sharing

General

Target

dd715a1b1f733c57f100877432d8e365c0efe519cda845c0e37ebd58886dbea6.exe
Size

802KB
Sample

210115-ef4lx429mj
MD5

60ed045b258cff113c07de91fc6e2913
SHA1

e8f024420f1c5cd43115106f40b077ae27d4427b
SHA256

dd715a1b1f733c57f100877432d8e365c0efe519cda845c0e37ebd58886dbea6
SHA512

da88bd7c139541cde5d01b36519d234331fc79c042424603f603e519506b9d9b9ed834596e7afe7387fe9430bcaaef2715a9452495df00a4b0a7945c020e2c52

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://lmpulsefashion.net/chief/kev/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  dd715a1b1f733c57f100877432d8e365c0efe519cda845c0e37ebd58886dbea6.exe
- Size
  
  802KB
- MD5
  
  60ed045b258cff113c07de91fc6e2913
- SHA1
  
  e8f024420f1c5cd43115106f40b077ae27d4427b
- SHA256
  
  dd715a1b1f733c57f100877432d8e365c0efe519cda845c0e37ebd58886dbea6
- SHA512
  
  da88bd7c139541cde5d01b36519d234331fc79c042424603f603e519506b9d9b9ed834596e7afe7387fe9430bcaaef2715a9452495df00a4b0a7945c020e2c52
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan