kayo.exe

General
Target: kayo.exe
Size: 29KB
Sample: 210408-14t55fcnxe
Score: 10/10
MD5: 7b9af96c1828d52a8d6380b02ef72c18
SHA1: 28a32a49f3d857ba4e869901e85328b2fa2cdc10
SHA256: 7aeaa9cbabc54c36844d5852172c449865bf4c524693ae7aa9909b87627052fa
SHA512: c50ed68634623a85754c32b79ee3a264b327892867e21888b6d9d14b2ef57a2782fa588446b650c29ba0b795dc1291546c40aea27fb5ec8d85ff9226bc87e04f

Malware Config (extracted)
Family: lokibot
C2:
  • http://amrp.tw/kayo/gate.php
  • http://kbfvzoboss.bid/alien/fre.php
  • http://alphastand.trade/alien/fre.php
  • http://alphastand.win/alien/fre.php
  • http://alphastand.top/alien/fre.php

Signatures
  • Lokibot: Lokibot is a Password and CryptoCoin Wallet Stealer.
  • Suspicious use of NtSetInformationThreadHideFromDebugger
  • Suspicious use of SetThreadContext

Tasks
  • static1
  • behavioral1: 10/10
  • behavioral2: 10/10