lokibot | ea4ac12e4eb571bdb4060b4d65e93e1aaa30dc6d693ffaf352adc2e5f641eb5b | Triage

Sharing

General

Target

ea4ac12e4eb571bdb4060b4d65e93e1aaa30dc6d693ffaf352adc2e5f641eb5b.exe
Size

110KB
Sample

210115-mvpwce1t72
MD5

c2a3b57a529d4d19fdf97b115924361e
SHA1

86bf0be3ee47867791cdfe1107a391e7a9ab75dc
SHA256

ea4ac12e4eb571bdb4060b4d65e93e1aaa30dc6d693ffaf352adc2e5f641eb5b
SHA512

93661a4219621d5a32ded3fbe5e4d4fa585311f03512e813cc6114c4efb16cecd8d0689258f64cddc303b62cdea595d3c7447e494b5e09ce74dced424fe56b66

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://208.70.248.230/panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  ea4ac12e4eb571bdb4060b4d65e93e1aaa30dc6d693ffaf352adc2e5f641eb5b.exe
- Size
  
  110KB
- MD5
  
  c2a3b57a529d4d19fdf97b115924361e
- SHA1
  
  86bf0be3ee47867791cdfe1107a391e7a9ab75dc
- SHA256
  
  ea4ac12e4eb571bdb4060b4d65e93e1aaa30dc6d693ffaf352adc2e5f641eb5b
- SHA512
  
  93661a4219621d5a32ded3fbe5e4d4fa585311f03512e813cc6114c4efb16cecd8d0689258f64cddc303b62cdea595d3c7447e494b5e09ce74dced424fe56b66
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan