lokibot | 87741cb9e9bf60d262d17f44e9c5b433750ebc82f5eee8f067b7349ba210bdb4 | Triage

Sharing

General

Target

87741cb9e9bf60d262d17f44e9c5b433750ebc82f5eee8f067b7349ba210bdb4.exe
Size

1.0MB
Sample

210118-xsl4feg6ca
MD5

7741e4266e8d98231cb6b0b89b1f4e9a
SHA1

1b555dee5cfa0c2f77327fb665d80161261029f2
SHA256

87741cb9e9bf60d262d17f44e9c5b433750ebc82f5eee8f067b7349ba210bdb4
SHA512

f9fda162cfdb993e3e60459cd36acca6dc3b727bdb0240785e48f5cb3a6f0c1a8a1e0281c9790c7a75ef36f7be5882b14517c692de4db5597a3960012a6982d6

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://okpana.com/chief/kev/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  87741cb9e9bf60d262d17f44e9c5b433750ebc82f5eee8f067b7349ba210bdb4.exe
- Size
  
  1.0MB
- MD5
  
  7741e4266e8d98231cb6b0b89b1f4e9a
- SHA1
  
  1b555dee5cfa0c2f77327fb665d80161261029f2
- SHA256
  
  87741cb9e9bf60d262d17f44e9c5b433750ebc82f5eee8f067b7349ba210bdb4
- SHA512
  
  f9fda162cfdb993e3e60459cd36acca6dc3b727bdb0240785e48f5cb3a6f0c1a8a1e0281c9790c7a75ef36f7be5882b14517c692de4db5597a3960012a6982d6
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan