lokibot | 5d6b7ef677711fc8e227f7c37c2e13a696fe34a4c2982f9a3d194e453eb33130 | Triage

Sharing

General

Target

36a2cb65a1ecc54011a92958733a92a9.exe
Size

850KB
Sample

210624-yz8bne7cls
MD5

36a2cb65a1ecc54011a92958733a92a9
SHA1

095e985a298f9874b0a6414780d00ad6437ebcf7
SHA256

5d6b7ef677711fc8e227f7c37c2e13a696fe34a4c2982f9a3d194e453eb33130
SHA512

6c988738d86cab8c46bbff20b9adf595437cda8b2fabbb7f3e359510f50b3cee8362f3490491ea3779b596b2060a89eebf22ea743a291657e82d4a6bb8c1386c

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://63.141.228.141/32.php/S4wFP8QBww9Tp

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  36a2cb65a1ecc54011a92958733a92a9.exe
- Size
  
  850KB
- MD5
  
  36a2cb65a1ecc54011a92958733a92a9
- SHA1
  
  095e985a298f9874b0a6414780d00ad6437ebcf7
- SHA256
  
  5d6b7ef677711fc8e227f7c37c2e13a696fe34a4c2982f9a3d194e453eb33130
- SHA512
  
  6c988738d86cab8c46bbff20b9adf595437cda8b2fabbb7f3e359510f50b3cee8362f3490491ea3779b596b2060a89eebf22ea743a291657e82d4a6bb8c1386c
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan