lokibot | b326b4848fb7610629f54054b30bac754382db0684a37da3c44e3342a21c2dd8 | Triage

Sharing

General

Target

Shipment Arrival Notice.exe
Size

781KB
Sample

210511-jetdcy63be
MD5

b1d78e6a8d2f23ad5952d431cd01f5c3
SHA1

19aa2e5f1f2abcc2993361fe43af38ce29051597
SHA256

b326b4848fb7610629f54054b30bac754382db0684a37da3c44e3342a21c2dd8
SHA512

4e57a5e0d08e2356c6e8afdfaf6e05642779b16fce8b93a505f1b82bcb9fcdb590e4c21ad1d391f68286c5dcd4c079f1d46bf0d73438573dc09f7f338f2a7a32

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

https://chem.buet.ac.bd/staff-list/inc/2w/Panel/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Shipment Arrival Notice.exe
- Size
  
  781KB
- MD5
  
  b1d78e6a8d2f23ad5952d431cd01f5c3
- SHA1
  
  19aa2e5f1f2abcc2993361fe43af38ce29051597
- SHA256
  
  b326b4848fb7610629f54054b30bac754382db0684a37da3c44e3342a21c2dd8
- SHA512
  
  4e57a5e0d08e2356c6e8afdfaf6e05642779b16fce8b93a505f1b82bcb9fcdb590e4c21ad1d391f68286c5dcd4c079f1d46bf0d73438573dc09f7f338f2a7a32
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan