lokibot | 16b6a13fc72423ba17754bd27462ec19ba0a464bfd454e1be14bd31fec165288 | Triage

Sharing

General

Target

QOUTATION_pdf____________________________________________.exe
Size

1001KB
Sample

210118-1w33jpqspj
MD5

a867011aacddab4843a00f24964650da
SHA1

4d9efb800c400d12f07546470cfb4463c8704c5e
SHA256

16b6a13fc72423ba17754bd27462ec19ba0a464bfd454e1be14bd31fec165288
SHA512

5580ce4fd06aed3b809ea4ac8c32743f0f9bb896f19273b92533be3749700d26d8d323357b043db1227cdf0f372d96205990a9f32ca616bdb17fbff887773f5f

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://becharnise.ir/fa8/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  QOUTATION_pdf____________________________________________.exe
- Size
  
  1001KB
- MD5
  
  a867011aacddab4843a00f24964650da
- SHA1
  
  4d9efb800c400d12f07546470cfb4463c8704c5e
- SHA256
  
  16b6a13fc72423ba17754bd27462ec19ba0a464bfd454e1be14bd31fec165288
- SHA512
  
  5580ce4fd06aed3b809ea4ac8c32743f0f9bb896f19273b92533be3749700d26d8d323357b043db1227cdf0f372d96205990a9f32ca616bdb17fbff887773f5f
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan