lokibot | 0b813805cdf296dc50f3336dcbf6e41f4dc119e753be9511634857eba90a7b0f | Triage

Sharing

General

Target

22571b1b3694219055b378569682dce0.exe
Size

462KB
Sample

210118-k5jnqs1616
MD5

22571b1b3694219055b378569682dce0
SHA1

37768e8dba9e098b2860f062353886fccd8fe0be
SHA256

0b813805cdf296dc50f3336dcbf6e41f4dc119e753be9511634857eba90a7b0f
SHA512

2e710d12820888043f598e78d35421575d09e99461ded5fedbfc972b08b2014e865ce6fde1102abfc35ab2215ea830cd2873f3e8b4701485460d4326d0cf1126

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://mannaton.com/zoro/zoro1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  22571b1b3694219055b378569682dce0.exe
- Size
  
  462KB
- MD5
  
  22571b1b3694219055b378569682dce0
- SHA1
  
  37768e8dba9e098b2860f062353886fccd8fe0be
- SHA256
  
  0b813805cdf296dc50f3336dcbf6e41f4dc119e753be9511634857eba90a7b0f
- SHA512
  
  2e710d12820888043f598e78d35421575d09e99461ded5fedbfc972b08b2014e865ce6fde1102abfc35ab2215ea830cd2873f3e8b4701485460d4326d0cf1126
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan