lokibot | 4771e0a4c826a5da4492a575acd2f48fa152f549d40d873f863cf9d97b8418fc | Triage

Sharing

General

Target

facturas y datos bancarios.PDF.exe
Size

938KB
Sample

210623-754ebkrc8j
MD5

161bad09eb7a977f3a91f217fa75bafd
SHA1

55856a0d2957b1ae398fbbc376ca8480e86a8a07
SHA256

4771e0a4c826a5da4492a575acd2f48fa152f549d40d873f863cf9d97b8418fc
SHA512

5535dc09501c0e85dc289f804dfc433f882c91601c38a41867bdeebbc62b01f02a7af1460dddf1665a0f1bc32a2e0b90f802ca59a8beeb7384cebc3f31445c85

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://63.141.228.141/32.php/FXsbYX1K4uTzS

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  facturas y datos bancarios.PDF.exe
- Size
  
  938KB
- MD5
  
  161bad09eb7a977f3a91f217fa75bafd
- SHA1
  
  55856a0d2957b1ae398fbbc376ca8480e86a8a07
- SHA256
  
  4771e0a4c826a5da4492a575acd2f48fa152f549d40d873f863cf9d97b8418fc
- SHA512
  
  5535dc09501c0e85dc289f804dfc433f882c91601c38a41867bdeebbc62b01f02a7af1460dddf1665a0f1bc32a2e0b90f802ca59a8beeb7384cebc3f31445c85
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan