lokibot | d3b21861d2dbbae76b30b6c1253be0775c7ea63d183ded44f041a609cbd929c4 | Triage

Submit
Reports

Overview

overview

Static

static

aviso de pago.pdf.exe

windows7_x64

aviso de pago.pdf.exe

windows10_x64

Sharing

General

Target

aviso de pago.pdf.exe
Size

1.0MB
Sample

210721-kd21ke5lan
MD5

d308eadbac9ea8eb3b0d9ab1112419be
SHA1

afdbe9177f5a38d59197fac722fdd91f9c50c928
SHA256

d3b21861d2dbbae76b30b6c1253be0775c7ea63d183ded44f041a609cbd929c4
SHA512

d9cb928e8cad22286e95f57e3367cf35756588039f0fa00c5c16eecc12167b1b946bddbd09450f1b1b9da08b3c77e8bde8e0776dc120963faa97d98cbf25cde1

Score

10^/10

lokibot spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

aviso de pago.pdf.exe

Resource

win7v20210410

lokibot spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

aviso de pago.pdf.exe

Resource

win10v20210410

lokibot spyware stealer trojan

windows10_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

lokibot

C2

http://ccjjlogsx.com/uu/me/tc.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  aviso de pago.pdf.exe
- Size
  
  1.0MB
- MD5
  
  d308eadbac9ea8eb3b0d9ab1112419be
- SHA1
  
  afdbe9177f5a38d59197fac722fdd91f9c50c928
- SHA256
  
  d3b21861d2dbbae76b30b6c1253be0775c7ea63d183ded44f041a609cbd929c4
- SHA512
  
  d9cb928e8cad22286e95f57e3367cf35756588039f0fa00c5c16eecc12167b1b946bddbd09450f1b1b9da08b3c77e8bde8e0776dc120963faa97d98cbf25cde1
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan

© 2018-2024

Terms | Privacy