lokibot | 465c3102a6884269e236adf1e42176d0a70e375dbb4810231c6acf9d227f9ca3 | Triage

Sharing

General

Target

465c3102a6884269e236adf1e42176d0a70e375dbb4810231c6acf9d227f9ca3.exe
Size

1.0MB
Sample

210722-qe4mf36vta
MD5

c25cd68c9aa191a94eb9b1ac56fd795e
SHA1

aa344701407a8b35fc18a35e2ef81de46ce75e3e
SHA256

465c3102a6884269e236adf1e42176d0a70e375dbb4810231c6acf9d227f9ca3
SHA512

117518d825d0e7f10c9103a45e0443b3c90f755f48bfb49249e8d7a208690a0b282a99b87d7291022d2d370b052e968feaf76898bc7cdc5db2f4978de7a88ba3

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

https://pakilogs2020.xyz/t/e/ff.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  465c3102a6884269e236adf1e42176d0a70e375dbb4810231c6acf9d227f9ca3.exe
- Size
  
  1.0MB
- MD5
  
  c25cd68c9aa191a94eb9b1ac56fd795e
- SHA1
  
  aa344701407a8b35fc18a35e2ef81de46ce75e3e
- SHA256
  
  465c3102a6884269e236adf1e42176d0a70e375dbb4810231c6acf9d227f9ca3
- SHA512
  
  117518d825d0e7f10c9103a45e0443b3c90f755f48bfb49249e8d7a208690a0b282a99b87d7291022d2d370b052e968feaf76898bc7cdc5db2f4978de7a88ba3
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan