lokibot | a222f23b44ac7af5cbac74e3f60643e232ed63d8a79162d58084f5fcce5dfd52 | Triage

Sharing

General

Target

purchase order.pdf.exe
Size

1.4MB
Sample

210624-btcddbcml6
MD5

9765acf7509b0800d88d96a629c0cc24
SHA1

41ca7dd1724c8a4f880c6c9094debdf3796c3c51
SHA256

a222f23b44ac7af5cbac74e3f60643e232ed63d8a79162d58084f5fcce5dfd52
SHA512

c13cfc90c81b4d22389854d5514cc6f2f4e37cec6205c52e2cf40373345963f62bb76650bcf7d67813382cb2e5aa5e88c44b2ea3d1c527a5b1d61546fc2f74a6

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://63.141.228.141/32.php/3V16BrI6suXPx

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  purchase order.pdf.exe
- Size
  
  1.4MB
- MD5
  
  9765acf7509b0800d88d96a629c0cc24
- SHA1
  
  41ca7dd1724c8a4f880c6c9094debdf3796c3c51
- SHA256
  
  a222f23b44ac7af5cbac74e3f60643e232ed63d8a79162d58084f5fcce5dfd52
- SHA512
  
  c13cfc90c81b4d22389854d5514cc6f2f4e37cec6205c52e2cf40373345963f62bb76650bcf7d67813382cb2e5aa5e88c44b2ea3d1c527a5b1d61546fc2f74a6
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan