lokibot | f1a3b91427ef42327cd507ceee5f3c6717e28d8e27ba6dd50cace4126de61445 | Triage

Sharing

General

Target

f1a3b91427ef42327cd507ceee5f3c6717e28d8e27ba6dd50cace4126de61445.exe
Size

265KB
Sample

210118-bn83s79xvx
MD5

1be0a2069bd64c7132f7d4a5e8eac6a7
SHA1

984eee8830f6346fb29db64652339e5d06db9076
SHA256

f1a3b91427ef42327cd507ceee5f3c6717e28d8e27ba6dd50cace4126de61445
SHA512

2a50d71738b6d5635cb34fb09fe90d7493204b7f2e24b6295ab21bf76b7138680019c08be57c6fe45da8066c8e328ffb2f4f15470e94c6d1019ff175966b8bf8

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/vSr0zAGTIr0Ki

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  f1a3b91427ef42327cd507ceee5f3c6717e28d8e27ba6dd50cace4126de61445.exe
- Size
  
  265KB
- MD5
  
  1be0a2069bd64c7132f7d4a5e8eac6a7
- SHA1
  
  984eee8830f6346fb29db64652339e5d06db9076
- SHA256
  
  f1a3b91427ef42327cd507ceee5f3c6717e28d8e27ba6dd50cace4126de61445
- SHA512
  
  2a50d71738b6d5635cb34fb09fe90d7493204b7f2e24b6295ab21bf76b7138680019c08be57c6fe45da8066c8e328ffb2f4f15470e94c6d1019ff175966b8bf8
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan