lokibot | 7fe3cf53819cc62bd4c5812de2db482e05c0a77fbfb42413863c4967596458df | Triage

Sharing

General

Target

gunzipped.exe
Size

811KB
Sample

210511-marwsnp7v2
MD5

5c67d88f6e0d9a814ca812637c2355df
SHA1

2cbc7f5c8dbe68e94755ffa33b3d53d7f0e2c439
SHA256

7fe3cf53819cc62bd4c5812de2db482e05c0a77fbfb42413863c4967596458df
SHA512

280b6e199bfb089ec1fab68d5da5395fa49227fe939f1e7d9741849216dc9ffd6f54f1777779ae59092601e4f909d71f6b3e56f62e33bfb7dd900561dc160be7

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://173.208.204.37/k.php/yefJbphgQgDjo

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  gunzipped.exe
- Size
  
  811KB
- MD5
  
  5c67d88f6e0d9a814ca812637c2355df
- SHA1
  
  2cbc7f5c8dbe68e94755ffa33b3d53d7f0e2c439
- SHA256
  
  7fe3cf53819cc62bd4c5812de2db482e05c0a77fbfb42413863c4967596458df
- SHA512
  
  280b6e199bfb089ec1fab68d5da5395fa49227fe939f1e7d9741849216dc9ffd6f54f1777779ae59092601e4f909d71f6b3e56f62e33bfb7dd900561dc160be7
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan