lokibot | c3343b92155dfd866001b1126374d5d6e6e8efcbb889eccf0699dd6f29be580c | Triage

Sharing

General

Target

pago urgentePDF_____________________.exe
Size

500KB
Sample

210226-wrvmnqlavs
MD5

3f2edb003456f309c1f24e153cf40755
SHA1

66566ca27fa9ba736231f495b94c57f296ec921a
SHA256

c3343b92155dfd866001b1126374d5d6e6e8efcbb889eccf0699dd6f29be580c
SHA512

ff4ea7ed6386d7dc99eb90147220355a2ecdd62596ae4a09f871d6ff214e6de2bac2b47f22add35314274c804fad3424a5ec5fa9920e45648e93179a2dc994a5

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/qgZUTMW0pWR4Q

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  pago urgentePDF_____________________.exe
- Size
  
  500KB
- MD5
  
  3f2edb003456f309c1f24e153cf40755
- SHA1
  
  66566ca27fa9ba736231f495b94c57f296ec921a
- SHA256
  
  c3343b92155dfd866001b1126374d5d6e6e8efcbb889eccf0699dd6f29be580c
- SHA512
  
  ff4ea7ed6386d7dc99eb90147220355a2ecdd62596ae4a09f871d6ff214e6de2bac2b47f22add35314274c804fad3424a5ec5fa9920e45648e93179a2dc994a5
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan