lokibot | cd499605957e1ce791085b9f9d0f0d14ef7431404db88f06af6fa7f3fd34f16f | Triage

Sharing

General

Target

Purchase Order-020POR040557 (2).tar.gz
Size

701KB
Sample

210624-hqqnfzahfe
MD5

a76e53c90c68a07d2e8de74ede9ca8ae
SHA1

8a8d06075c9edc3ab71cdb3027a16869ec2887eb
SHA256

cd499605957e1ce791085b9f9d0f0d14ef7431404db88f06af6fa7f3fd34f16f
SHA512

aee9b109d6dba00fedf488b99170debb145df72c7212725312a3ba713e2a59a61f994e07a44e11eab9b1b4a92cee67fedc0cd2e9d22e86d4bac4a461a29ff5ba

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://63.141.228.141/32.php/vkuep8Jt3rHQ5

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  79f082d15ba41f011bde45960cd32cbc.exe
- Size
  
  1.1MB
- MD5
  
  f1f80c57e5849f51d9fb3c519697826a
- SHA1
  
  69cda29c89885b0c798362952f71fbe2fc9038f5
- SHA256
  
  93ac78a024d6a0554a492cf2614ff7f75f12763b220980ad35b0a5c2994fcac7
- SHA512
  
  b76a797fe4b1561e850229ac8041c625a4b3c20ca9eebf9893961872aa61f5682e1458db3f276d5f2791d82dd0163246572a0f454224e340389d82f6da74baee
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan