lokibot | 8bf2fb9f4686b128f0ecf8c5512fca579317147575eef3c6f423e5280dd751c0 | Triage

Sharing

General

Target

DocumentosSantander.PDF.bat.exe
Size

656KB
Sample

210504-xssehqnzbx
MD5

efac0baa095bf155fde379c3b180f5e1
SHA1

6dc40192cd8424a04c446fc458475eb03b37c2ed
SHA256

8bf2fb9f4686b128f0ecf8c5512fca579317147575eef3c6f423e5280dd751c0
SHA512

dcef78baacfc92889e717680fdb09936224ee154341eeb8f0360cf0b468480c516361a0f9ef39eb32fde7afadd717d8011090522af29acf307afe55b5c2855d9

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://173.208.204.37/k.php/LY0xuvgkjMA3b

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  DocumentosSantander.PDF.bat.exe
- Size
  
  656KB
- MD5
  
  efac0baa095bf155fde379c3b180f5e1
- SHA1
  
  6dc40192cd8424a04c446fc458475eb03b37c2ed
- SHA256
  
  8bf2fb9f4686b128f0ecf8c5512fca579317147575eef3c6f423e5280dd751c0
- SHA512
  
  dcef78baacfc92889e717680fdb09936224ee154341eeb8f0360cf0b468480c516361a0f9ef39eb32fde7afadd717d8011090522af29acf307afe55b5c2855d9
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan