lokibot | b445a79380a50d3f1447597a287e3dda84286ee66d76d0fbda22a04edba1d16e | Triage

Sharing

General

Target

scannedfiles-23.exe
Size

688KB
Sample

210623-aqvjf9917e
MD5

4f261af0216ef7306e2ff076a2462358
SHA1

8c07c49d5abb7474eab731a8f3111a7dd62e7cb1
SHA256

b445a79380a50d3f1447597a287e3dda84286ee66d76d0fbda22a04edba1d16e
SHA512

98c8471066343ac78063d97be0b23a84486ef2f963e8f3f96b3273e7b05b6fe14c4cf9f5e1d0f2d1a2811099bc9cbe7f4a284ef4c8f1619e2b61808ba8704393

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://63.141.228.141/32.php/hVjgJl5jKemRQ

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  scannedfiles-23.exe
- Size
  
  688KB
- MD5
  
  4f261af0216ef7306e2ff076a2462358
- SHA1
  
  8c07c49d5abb7474eab731a8f3111a7dd62e7cb1
- SHA256
  
  b445a79380a50d3f1447597a287e3dda84286ee66d76d0fbda22a04edba1d16e
- SHA512
  
  98c8471066343ac78063d97be0b23a84486ef2f963e8f3f96b3273e7b05b6fe14c4cf9f5e1d0f2d1a2811099bc9cbe7f4a284ef4c8f1619e2b61808ba8704393
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan