lokibot | cc405d2f7b521acb516d19078d46156b9de3fe2ac8e794aa566189ec051135de | Triage

Sharing

General

Target

cc405d2f7b521acb516d19078d46156b9de3fe2ac8e794aa566189ec051135de.exe
Size

1.4MB
Sample

210623-vvx4vexpkx
MD5

a9ad53bf04acfb9485ec5f6fc24cfa35
SHA1

429214863d95eb9f7f47578eb1ff532b34261c4a
SHA256

cc405d2f7b521acb516d19078d46156b9de3fe2ac8e794aa566189ec051135de
SHA512

102f71e9a91bdbbaf7d7aa55a8408b757934a2580f09f25e50f37c8528992fc39324104a2c678d20a1cd968802a5eb920a8aa4f77a3438b7a4585fb6b016a958

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://63.141.228.141/32.php/HsSpKI8PLZu2g

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  cc405d2f7b521acb516d19078d46156b9de3fe2ac8e794aa566189ec051135de.exe
- Size
  
  1.4MB
- MD5
  
  a9ad53bf04acfb9485ec5f6fc24cfa35
- SHA1
  
  429214863d95eb9f7f47578eb1ff532b34261c4a
- SHA256
  
  cc405d2f7b521acb516d19078d46156b9de3fe2ac8e794aa566189ec051135de
- SHA512
  
  102f71e9a91bdbbaf7d7aa55a8408b757934a2580f09f25e50f37c8528992fc39324104a2c678d20a1cd968802a5eb920a8aa4f77a3438b7a4585fb6b016a958
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan