lokibot | 27fa1f24657b1710079922f92e16cdc7d1710257aabe93201bbf730b7ddea3a9 | Triage

Sharing

General

Target

27fa1f24657b1710079922f92e16cdc7d1710257aabe93201bbf730b7ddea3a9.exe
Size

970KB
Sample

210623-kwcz8vx5yn
MD5

7c9bdea1b19e08cdae31f39916a5fe47
SHA1

4eafb100f843014972cb54fa20ba1d978f65ffd1
SHA256

27fa1f24657b1710079922f92e16cdc7d1710257aabe93201bbf730b7ddea3a9
SHA512

729d9609553111eb2dffca04aa0b459e1e9ccd3913e035914b44e39f419e3584e6fc6e278495e9eb2dd54c144ac53dccfd553ba5b6e6d67f0cee155c8095d303

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://manvim.co/fc6/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  27fa1f24657b1710079922f92e16cdc7d1710257aabe93201bbf730b7ddea3a9.exe
- Size
  
  970KB
- MD5
  
  7c9bdea1b19e08cdae31f39916a5fe47
- SHA1
  
  4eafb100f843014972cb54fa20ba1d978f65ffd1
- SHA256
  
  27fa1f24657b1710079922f92e16cdc7d1710257aabe93201bbf730b7ddea3a9
- SHA512
  
  729d9609553111eb2dffca04aa0b459e1e9ccd3913e035914b44e39f419e3584e6fc6e278495e9eb2dd54c144ac53dccfd553ba5b6e6d67f0cee155c8095d303
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

lokibotspywarestealertrojan