lokibot | 235413e22a54a09ad31fae8f8a22a0cf4a443115cbb5dd9fe85a9a563ac1ebc3 | Triage

Sharing

General

Target

contract YF8536851-1.exe
Size

628KB
Sample

210722-3wpxheerna
MD5

a43a5c69b4fc6c45bbf4c75ee8b3869b
SHA1

6d6dd739f8b5c24fc98930dc59809893dcd64070
SHA256

235413e22a54a09ad31fae8f8a22a0cf4a443115cbb5dd9fe85a9a563ac1ebc3
SHA512

c012f843c33a8240d8e9c6ba9a2e2aaa173c4a856e0ff72b5c219a5d11b90eb9e6f6883e9d53b74b8bdc9c7419bd8be380d962458a84bd8aab90d4d04a449e5f

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://abixmaly.duckdns.org/binge/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  contract YF8536851-1.exe
- Size
  
  628KB
- MD5
  
  a43a5c69b4fc6c45bbf4c75ee8b3869b
- SHA1
  
  6d6dd739f8b5c24fc98930dc59809893dcd64070
- SHA256
  
  235413e22a54a09ad31fae8f8a22a0cf4a443115cbb5dd9fe85a9a563ac1ebc3
- SHA512
  
  c012f843c33a8240d8e9c6ba9a2e2aaa173c4a856e0ff72b5c219a5d11b90eb9e6f6883e9d53b74b8bdc9c7419bd8be380d962458a84bd8aab90d4d04a449e5f
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan