lokibot | 307bc38e390ab59b21aadf74c29b2d6f07d6516eaffe6e46af4f1d112492fbaf | Triage

Sharing

General

Target

307bc38e390ab59b21aadf74c29b2d6f07d6516eaffe6e46af4f1d112492fbaf.exe
Size

1.8MB
Sample

210421-ypj92vta4a
MD5

0077dbaaaccfeee44d2194c669a99624
SHA1

bcaf27906d4b00c9a9dc366104ff67dee02aff4c
SHA256

307bc38e390ab59b21aadf74c29b2d6f07d6516eaffe6e46af4f1d112492fbaf
SHA512

f76f0f7dae8949f716422b4810c00b49e447ff0ad707b71897d689089f09a98a9eaa8fac30efcaa99496ad25355d78c74ea64786b2c512b68d8048e196606d23

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://104.168.140.79/smack/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  307bc38e390ab59b21aadf74c29b2d6f07d6516eaffe6e46af4f1d112492fbaf.exe
- Size
  
  1.8MB
- MD5
  
  0077dbaaaccfeee44d2194c669a99624
- SHA1
  
  bcaf27906d4b00c9a9dc366104ff67dee02aff4c
- SHA256
  
  307bc38e390ab59b21aadf74c29b2d6f07d6516eaffe6e46af4f1d112492fbaf
- SHA512
  
  f76f0f7dae8949f716422b4810c00b49e447ff0ad707b71897d689089f09a98a9eaa8fac30efcaa99496ad25355d78c74ea64786b2c512b68d8048e196606d23
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

lokibotspywarestealertrojan