lokibot

General

Target

FACTURA DE ENVÍO.pdf.exe
Size

1.0MB
Sample

210115-leqj8x8l5e
MD5

f2bdb4e0ad5f59e25ae0aa08cd262565
SHA1

6f58e9f29a662c028e2375e69ff25d53397596c1
SHA256

05a2e1c109cbf757af3856c7080abe847c40f17b56a2a0476efff9a82b25face
SHA512

fc5a1fcee82f470ed61dfa378a89288276787379358f047d64949f6bbfa3d706d456702be61c24f2d189de7839372f7eebd21b8364bff718872694e3b06f061a

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/HsSpKI8PLZu2g

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  FACTURA DE ENVÍO.pdf.exe
- Size
  
  1.0MB
- MD5
  
  f2bdb4e0ad5f59e25ae0aa08cd262565
- SHA1
  
  6f58e9f29a662c028e2375e69ff25d53397596c1
- SHA256
  
  05a2e1c109cbf757af3856c7080abe847c40f17b56a2a0476efff9a82b25face
- SHA512
  
  fc5a1fcee82f470ed61dfa378a89288276787379358f047d64949f6bbfa3d706d456702be61c24f2d189de7839372f7eebd21b8364bff718872694e3b06f061a
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2