lokibot | 6282695446e4ef3cad12c2046ba103d1150be4b15a021980202c520edf672e06 | Triage

Sharing

General

Target

8329G90.doc.exe
Size

409KB
Sample

210226-8q9mzv6q6x
MD5

d089810d1b488f2bb26eac738bdda264
SHA1

ba6e22231fda67f98c117c4e5606a709fc85ad5d
SHA256

6282695446e4ef3cad12c2046ba103d1150be4b15a021980202c520edf672e06
SHA512

e638624681a3a8857d236e674dfd439ece0f2b2928ff0fab2354b82ea235e728937367b6d68afc7963166d9652a46ae45dd81c168278d14f2399bf33ee72d8ce

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://ianmaclaod.com/bebe/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  8329G90.doc.exe
- Size
  
  409KB
- MD5
  
  d089810d1b488f2bb26eac738bdda264
- SHA1
  
  ba6e22231fda67f98c117c4e5606a709fc85ad5d
- SHA256
  
  6282695446e4ef3cad12c2046ba103d1150be4b15a021980202c520edf672e06
- SHA512
  
  e638624681a3a8857d236e674dfd439ece0f2b2928ff0fab2354b82ea235e728937367b6d68afc7963166d9652a46ae45dd81c168278d14f2399bf33ee72d8ce
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan