lokibot

General

Target

kayo.exe
Size

29KB
Sample

210408-14t55fcnxe
MD5

7b9af96c1828d52a8d6380b02ef72c18
SHA1

28a32a49f3d857ba4e869901e85328b2fa2cdc10
SHA256

7aeaa9cbabc54c36844d5852172c449865bf4c524693ae7aa9909b87627052fa
SHA512

c50ed68634623a85754c32b79ee3a264b327892867e21888b6d9d14b2ef57a2782fa588446b650c29ba0b795dc1291546c40aea27fb5ec8d85ff9226bc87e04f

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://amrp.tw/kayo/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  kayo.exe
- Size
  
  29KB
- MD5
  
  7b9af96c1828d52a8d6380b02ef72c18
- SHA1
  
  28a32a49f3d857ba4e869901e85328b2fa2cdc10
- SHA256
  
  7aeaa9cbabc54c36844d5852172c449865bf4c524693ae7aa9909b87627052fa
- SHA512
  
  c50ed68634623a85754c32b79ee3a264b327892867e21888b6d9d14b2ef57a2782fa588446b650c29ba0b795dc1291546c40aea27fb5ec8d85ff9226bc87e04f
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

1

T1130

Modify Registry

1

T1112

Credential Access

Discovery

System Information Discovery

1

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of NtSetInformationThreadHideFromDebugger

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2