lokibot | 4d12f3b90da946ad975debb3f08fe8d26ba0670c40c8c1e113fa815a2667d4a0 | Triage

Sharing

General

Target

???? XLPE PJ PE PROJECT RFQ ITEMS, DOCUMENTS .exe
Size

982KB
Sample

210422-rbphwhmlgs
MD5

d0e96b7d761f51b88e18edac3632881b
SHA1

58056a7c1477029d040ccfbbcc7dfa9eccb41f80
SHA256

4d12f3b90da946ad975debb3f08fe8d26ba0670c40c8c1e113fa815a2667d4a0
SHA512

c43f2c9bd99d0fb494897e28e2567a6d9a390ec6a1936fbdcd45be4523a580cecb2ba30d950c88296f2f43f5ec78e7770f698b31985091675767c13eb2c9b227

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://104.168.213.88/ghost1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  ???? XLPE PJ PE PROJECT RFQ ITEMS, DOCUMENTS .exe
- Size
  
  982KB
- MD5
  
  d0e96b7d761f51b88e18edac3632881b
- SHA1
  
  58056a7c1477029d040ccfbbcc7dfa9eccb41f80
- SHA256
  
  4d12f3b90da946ad975debb3f08fe8d26ba0670c40c8c1e113fa815a2667d4a0
- SHA512
  
  c43f2c9bd99d0fb494897e28e2567a6d9a390ec6a1936fbdcd45be4523a580cecb2ba30d950c88296f2f43f5ec78e7770f698b31985091675767c13eb2c9b227
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan