lokibot | a60e97778614ab28c9e6acf9a2a76e8f42c09372af1a9e5e6802018e3cee2829 | Triage

Sharing

General

Target

07c01497b1a48bd763519c1b2561ab2d
Size

250KB
Sample

210727-2l2c6vxvn6
MD5

07c01497b1a48bd763519c1b2561ab2d
SHA1

7cd72784c6a4e251068a43cba935ebc8a1531c84
SHA256

a60e97778614ab28c9e6acf9a2a76e8f42c09372af1a9e5e6802018e3cee2829
SHA512

09213f2033186a671dad819e50d5740dc0b953f20fb2fddefc5798ce6bb5d1d40a3c8ed00b446104430541dd21f4bfdcee3e630215fba466f9cfe51fd9aea6b6

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://asiatrans.cf/BN1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  07c01497b1a48bd763519c1b2561ab2d
- Size
  
  250KB
- MD5
  
  07c01497b1a48bd763519c1b2561ab2d
- SHA1
  
  7cd72784c6a4e251068a43cba935ebc8a1531c84
- SHA256
  
  a60e97778614ab28c9e6acf9a2a76e8f42c09372af1a9e5e6802018e3cee2829
- SHA512
  
  09213f2033186a671dad819e50d5740dc0b953f20fb2fddefc5798ce6bb5d1d40a3c8ed00b446104430541dd21f4bfdcee3e630215fba466f9cfe51fd9aea6b6
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan