lokibot | 80dbbe2c5ad64fb800afeafa013939c7d13cafb0568b64750b4048a51700110b | Triage

Sharing

General

Target

80dbbe2c5ad64fb800afeafa013939c7d13cafb0568b64750b4048a51700110b.exe
Size

915KB
Sample

210722-31568h7dzj
MD5

97902789babf5acb6b2e1a2bf34f026d
SHA1

9d51d7393bfd5eb16a81b2d304267267d25a24c4
SHA256

80dbbe2c5ad64fb800afeafa013939c7d13cafb0568b64750b4048a51700110b
SHA512

f2ee4eaf132f6840299de1381a768f1b5a2fce91cd6b73758bf9c5157e698d92b7876a638b61a3bba8b4c8fcba0ce53a90e2c3fd0fbdff9d74012f129ce266b8

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://185.227.139.18/dsaicosaicasdi.php/a5iPuKTGakcLJ

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  80dbbe2c5ad64fb800afeafa013939c7d13cafb0568b64750b4048a51700110b.exe
- Size
  
  915KB
- MD5
  
  97902789babf5acb6b2e1a2bf34f026d
- SHA1
  
  9d51d7393bfd5eb16a81b2d304267267d25a24c4
- SHA256
  
  80dbbe2c5ad64fb800afeafa013939c7d13cafb0568b64750b4048a51700110b
- SHA512
  
  f2ee4eaf132f6840299de1381a768f1b5a2fce91cd6b73758bf9c5157e698d92b7876a638b61a3bba8b4c8fcba0ce53a90e2c3fd0fbdff9d74012f129ce266b8
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan