lokibot | 8dc40254d25fe9f5feaba5a224d55c8a2843fc511014e318a2a4ddabfaeeabb6 | Triage

Sharing

General

Target

8dc40254d25fe9f5feaba5a224d55c8a2843fc511014e318a2a4ddabfaeeabb6.exe
Size

265KB
Sample

210118-pfwh1j968n
MD5

db221431cd00dc461f08bf4e89dee05f
SHA1

575eba3bcdf274fd96109f273cd40308acb434ed
SHA256

8dc40254d25fe9f5feaba5a224d55c8a2843fc511014e318a2a4ddabfaeeabb6
SHA512

ede66d8416ecf52949c0d35c95c66ff7ea4c666a0e205ea74c06e0e4dfb76d555dc94267d1900c8994288c96c7ba7a1d6c0d3b695be3013059cc5d2299225366

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://23.238.43.43/bb/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  8dc40254d25fe9f5feaba5a224d55c8a2843fc511014e318a2a4ddabfaeeabb6.exe
- Size
  
  265KB
- MD5
  
  db221431cd00dc461f08bf4e89dee05f
- SHA1
  
  575eba3bcdf274fd96109f273cd40308acb434ed
- SHA256
  
  8dc40254d25fe9f5feaba5a224d55c8a2843fc511014e318a2a4ddabfaeeabb6
- SHA512
  
  ede66d8416ecf52949c0d35c95c66ff7ea4c666a0e205ea74c06e0e4dfb76d555dc94267d1900c8994288c96c7ba7a1d6c0d3b695be3013059cc5d2299225366
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan