lokibot | bd22e6fdeaeeb5047191e6b7feaeb3a152f43b20b9d464eb51add07c29a1e8de | Triage

Submit
Reports

Overview

overview

Static

static

INV-Impot Dos_pdf.exe

windows7_x64

INV-Impot Dos_pdf.exe

windows10_x64

Sharing

General

Target

INV-Impot Dos_pdf.exe
Size

890KB
Sample

210504-sxxflnhpns
MD5

deebff890e5a3cf56143a8e5f70c494e
SHA1

c48ca3466b49887848ddd36db47265fb3918ba21
SHA256

bd22e6fdeaeeb5047191e6b7feaeb3a152f43b20b9d464eb51add07c29a1e8de
SHA512

fb790cfb50b58d5100c5997a8faaafc7410d2e52e137990fc2e08358761bbe1dfe1466e2000cc464e22c6191075bdf64202af8fc24b3268875b5bec0be5203e1

Score

10^/10

lokibot spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

INV-Impot Dos_pdf.exe

Resource

win7v20210408

lokibot spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

INV-Impot Dos_pdf.exe

Resource

win10v20210410

lokibot spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

https://optimize-apiv2.barantum.com/xx/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  INV-Impot Dos_pdf.exe
- Size
  
  890KB
- MD5
  
  deebff890e5a3cf56143a8e5f70c494e
- SHA1
  
  c48ca3466b49887848ddd36db47265fb3918ba21
- SHA256
  
  bd22e6fdeaeeb5047191e6b7feaeb3a152f43b20b9d464eb51add07c29a1e8de
- SHA512
  
  fb790cfb50b58d5100c5997a8faaafc7410d2e52e137990fc2e08358761bbe1dfe1466e2000cc464e22c6191075bdf64202af8fc24b3268875b5bec0be5203e1
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan

© 2018-2024

Terms | Privacy