lokibot | b08e82fea6d6300d47f78a2a54aa95da15112e037e292e452d4f63c5cb6de676 | Triage

Sharing

General

Target

b08e82fea6d6300d47f78a2a54aa95da15112e037e292e452d4f63c5cb6de676.exe
Size

846KB
Sample

210421-btsgvl1fma
MD5

e31802832554364edd0212a9dc61d0f5
SHA1

2ef0e361e1dcc9b4872a862d01ef95f40d6f7557
SHA256

b08e82fea6d6300d47f78a2a54aa95da15112e037e292e452d4f63c5cb6de676
SHA512

a882ca244b08e620a84f646d502d9db95f038e3df0ca6295f3626498b4aa653a7ed664ce4e528f303945cb64e0f27f94059a4a0b02c99f78056c939d87d023dc

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://amrp.tw/engr/gate.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  b08e82fea6d6300d47f78a2a54aa95da15112e037e292e452d4f63c5cb6de676.exe
- Size
  
  846KB
- MD5
  
  e31802832554364edd0212a9dc61d0f5
- SHA1
  
  2ef0e361e1dcc9b4872a862d01ef95f40d6f7557
- SHA256
  
  b08e82fea6d6300d47f78a2a54aa95da15112e037e292e452d4f63c5cb6de676
- SHA512
  
  a882ca244b08e620a84f646d502d9db95f038e3df0ca6295f3626498b4aa653a7ed664ce4e528f303945cb64e0f27f94059a4a0b02c99f78056c939d87d023dc
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan