lokibot | 093044bb7c32e4ac72d55db8bcd6a9ea052e5dcc1ea98cb44ea9f72210776c5e | Triage

Sharing

General

Target

DOCUMENTOS BANCARIOS._______________xlsx.exe
Size

756KB
Sample

210226-d8x6ndnz8x
MD5

21b123ce0d3ceaa3b1e2fc78786c9436
SHA1

f209ca2ecc4497770271be35894c136432582b0c
SHA256

093044bb7c32e4ac72d55db8bcd6a9ea052e5dcc1ea98cb44ea9f72210776c5e
SHA512

e8080c5a1df32386d419adcb1e93a527a6090f047668dbfe43a7f0637e0f20d641965f885570fc3b819e2bf3475e9188f2c87e3833b72c578e478ace7f0c30ea

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/UjL7jh4u2t3CH

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  DOCUMENTOS BANCARIOS._______________xlsx.exe
- Size
  
  756KB
- MD5
  
  21b123ce0d3ceaa3b1e2fc78786c9436
- SHA1
  
  f209ca2ecc4497770271be35894c136432582b0c
- SHA256
  
  093044bb7c32e4ac72d55db8bcd6a9ea052e5dcc1ea98cb44ea9f72210776c5e
- SHA512
  
  e8080c5a1df32386d419adcb1e93a527a6090f047668dbfe43a7f0637e0f20d641965f885570fc3b819e2bf3475e9188f2c87e3833b72c578e478ace7f0c30ea
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan