lokibot | 53d281c859e9fdaa0a1e32557a20aabd6f9835cbbb3faa5ff32c67980b364a1b | Triage

Sharing

General

Target

53d281c859e9fdaa0a1e32557a20aabd6f9835cbbb3faa5ff32c67980b364a1b
Size

464KB
Sample

210727-ealpd6w8lx
MD5

ad58ece85846219fd4cc7577304687ae
SHA1

f2c890def83625d9b33f07602f3c91988eaef154
SHA256

53d281c859e9fdaa0a1e32557a20aabd6f9835cbbb3faa5ff32c67980b364a1b
SHA512

03f39fea6f676365ab78925ab0930c55c9eaad3aca9a421db7eb150ee4dc32b3c47319651afe47ef18e7fec44dcd2ec9458a6fa02cb911557d013be09c690e79

Score

10^/10

lokibot spyware stealer suricata trojan

Malware Config

Extracted

Family

lokibot

C2

http://abixmaly.duckdns.org/binge/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  NEXT Eco-Air Shipment.exe
- Size
  
  628KB
- MD5
  
  a43a5c69b4fc6c45bbf4c75ee8b3869b
- SHA1
  
  6d6dd739f8b5c24fc98930dc59809893dcd64070
- SHA256
  
  235413e22a54a09ad31fae8f8a22a0cf4a443115cbb5dd9fe85a9a563ac1ebc3
- SHA512
  
  c012f843c33a8240d8e9c6ba9a2e2aaa173c4a856e0ff72b5c219a5d11b90eb9e6f6883e9d53b74b8bdc9c7419bd8be380d962458a84bd8aab90d4d04a449e5f
Score

10^/10

lokibot spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Suspicious use of SetThreadContext
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealersuricatatrojan