lokibot | 41c7c097e85a0c9ee40d1d92cd47bfff9fdb5752532a21e15c142fa3591eb7b3 | Triage

Sharing

General

Target

winlog.exe
Size

663KB
Sample

210227-jn93jwva7n
MD5

360437b30bd9db4fa30bb9399d712948
SHA1

960a2bcc3e85637ba561a72c6edc31078f184564
SHA256

41c7c097e85a0c9ee40d1d92cd47bfff9fdb5752532a21e15c142fa3591eb7b3
SHA512

e7b95462a2e4e72805a2597655443d6a0fca905ec66d8a1214b5fddf469d4d085f877bf32683f70f4485a64d63e8bcc1fdd21a6a9e4c5095aacdbaf0e2762bcc

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://or-logistlcs.com/zoro/zoro2/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  winlog.exe
- Size
  
  663KB
- MD5
  
  360437b30bd9db4fa30bb9399d712948
- SHA1
  
  960a2bcc3e85637ba561a72c6edc31078f184564
- SHA256
  
  41c7c097e85a0c9ee40d1d92cd47bfff9fdb5752532a21e15c142fa3591eb7b3
- SHA512
  
  e7b95462a2e4e72805a2597655443d6a0fca905ec66d8a1214b5fddf469d4d085f877bf32683f70f4485a64d63e8bcc1fdd21a6a9e4c5095aacdbaf0e2762bcc
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan