lokibot | f4f1ae05a1dc2e89a8c43f0c1cb61b1e09c72529ee73bc9c925fc2beafd70451 | Triage

Sharing

General

Target

f4f1ae05a1dc2e89a8c43f0c1cb61b1e09c72529ee73bc9c925fc2beafd70451.exe
Size

503KB
Sample

210915-gr6hdadabl
MD5

52e3cca9b01ef03513a71acc85644d8e
SHA1

e518386f0f170b9c6fc63511af9a05c58e6c1c14
SHA256

f4f1ae05a1dc2e89a8c43f0c1cb61b1e09c72529ee73bc9c925fc2beafd70451
SHA512

74878bbbdba812a3a8de9749177609fa132f5cec8c43d0f0807a864db1edfb6a41b39c63bdc86b3183bf1ed0a418c515519b64aaeab62fafeb13ec0e1c348bc5

Score

10^/10

lokibot spyware stealer suricata trojan

Malware Config

Extracted

Family

lokibot

C2

http://23.254.225.235/wj/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  f4f1ae05a1dc2e89a8c43f0c1cb61b1e09c72529ee73bc9c925fc2beafd70451.exe
- Size
  
  503KB
- MD5
  
  52e3cca9b01ef03513a71acc85644d8e
- SHA1
  
  e518386f0f170b9c6fc63511af9a05c58e6c1c14
- SHA256
  
  f4f1ae05a1dc2e89a8c43f0c1cb61b1e09c72529ee73bc9c925fc2beafd70451
- SHA512
  
  74878bbbdba812a3a8de9749177609fa132f5cec8c43d0f0807a864db1edfb6a41b39c63bdc86b3183bf1ed0a418c515519b64aaeab62fafeb13ec0e1c348bc5
Score

10^/10

lokibot spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

behavioral2

lokibotspywarestealersuricatatrojan