lokibot | cea60a27be9fe0fff2ea76e0a699afd8a70b226421685ca3ecf03a5278eeafba | Triage

Sharing

General

Target

6751351576756224.zip
Size

933KB
Sample

210623-s148r4fj92
MD5

950e9542dcc98a7ef6decb2db2996c54
SHA1

811505ad3c7ffee7d5648111888c14be634d3105
SHA256

cea60a27be9fe0fff2ea76e0a699afd8a70b226421685ca3ecf03a5278eeafba
SHA512

bb125af01b0a7062716e798072ba214b4fb55216fe47259c30b1a4301935fc19d293073c1ae0b63ce81ff562ec36c67371b1a3a5f2206a23ed8e69cddff2e8aa

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://63.141.228.141/32.php/3LJAZguIGMmJV

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  file_23.exe
- Size
  
  1.2MB
- MD5
  
  21be3dd0acf1487d7158041c01d33536
- SHA1
  
  8b0027fd706fa3c335f7c9214552cd30e3206a97
- SHA256
  
  8d45f0ac44e360afcbb0032a4461669fc5068b50a838bc7dde632f0c5a3dddf9
- SHA512
  
  207a1e6bf2bd3422bf638f72d72ca3dc65739dd26d9efd5e2da32f92dfd6c6a8eb245b58bde39717e43cdc831d4e271958bb5d934a732aefebf42a54f90d489c
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan