lokibot | d76a0095d991a2a8c21d6b079e66606a512271706602ddafd94d85bf0cae527e | Triage

Sharing

General

Target

6532689222074368.zip
Size

982KB
Sample

210727-zdcpys5zns
MD5

0fa49bb29596288ab6253700e7a4ab86
SHA1

db78dbb20a4f42c3a13e3d462a331f5f0243e55c
SHA256

d76a0095d991a2a8c21d6b079e66606a512271706602ddafd94d85bf0cae527e
SHA512

36d20b24297b08b71c1d98d30ecd8b74db4e00b9795f7f41e8196551129c655433ecd010d76e608c256b139cb45b3554b3eaa746b96a0e35100bd91999288a8c

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/594QbwaP456AN

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30
- Size
  
  3.7MB
- MD5
  
  00fd3c68b44a6e82a6c516e6326dd89f
- SHA1
  
  a0d06dfc640fcaf4533962a11b4907c2dbbdfc8d
- SHA256
  
  de356fa5f4820cbc26b24852c1052c73dc4029e0a08f9f2a857f5a12434dca30
- SHA512
  
  92a6b9b7eda12966869d1192c5bc9abc793a1428ef8c0463c18677b03fc6c6ee9482a3559d8c20dc7284167cbecfdc77c58367cab5d9a3b0e83ae91eab3a7bfc
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

lokibotspywarestealertrojan