lokibot | 57d6ee60faf10320d9fd37d58aeec59e6735366afece642579ab6d9743c1731b | Triage

Sharing

General

Target

vbc.exe
Size

964KB
Sample

210421-1h53w3fdc6
MD5

71a14ce0723e4de96846bf22eed49d20
SHA1

14340d510faa92bd38ef6ec98e74f5845d37a451
SHA256

57d6ee60faf10320d9fd37d58aeec59e6735366afece642579ab6d9743c1731b
SHA512

4ff0b16cfe84f3c1b57638617f1eb9c332df95a531cd33f84dfde1987dc53d4ef1298dbfec33edac69d87844fefdb7d7f55519ae1c27ead2568551f50b27d728

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://amrp.tw/kayo/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  vbc.exe
- Size
  
  964KB
- MD5
  
  71a14ce0723e4de96846bf22eed49d20
- SHA1
  
  14340d510faa92bd38ef6ec98e74f5845d37a451
- SHA256
  
  57d6ee60faf10320d9fd37d58aeec59e6735366afece642579ab6d9743c1731b
- SHA512
  
  4ff0b16cfe84f3c1b57638617f1eb9c332df95a531cd33f84dfde1987dc53d4ef1298dbfec33edac69d87844fefdb7d7f55519ae1c27ead2568551f50b27d728
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan