lokibot | bfef898b719f3ea6e1359a316b95fbe54a2bbc6fe10bc4383fd5be0aad6e0c20 | Triage

Sharing

General

Target

bfef898b719f3ea6e1359a316b95fbe54a2bbc6fe10bc4383fd5be0aad6e0c20.exe
Size

292KB
Sample

210915-gr6hdahhe6
MD5

fce4de8d50a11dd67c8452f317d760d7
SHA1

9478ceb40e2897f133c0b3606238e5e8133c40a8
SHA256

bfef898b719f3ea6e1359a316b95fbe54a2bbc6fe10bc4383fd5be0aad6e0c20
SHA512

130450f01a27ebcbd8e7700802f15b593fe539dcae18e31be559fb9be523037536f848f19c0397d47f4983f0812a8c7fa2e2c71a792026dc873ccc2ccb89bd77

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://brokenislegion.ga/BN111/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  bfef898b719f3ea6e1359a316b95fbe54a2bbc6fe10bc4383fd5be0aad6e0c20.exe
- Size
  
  292KB
- MD5
  
  fce4de8d50a11dd67c8452f317d760d7
- SHA1
  
  9478ceb40e2897f133c0b3606238e5e8133c40a8
- SHA256
  
  bfef898b719f3ea6e1359a316b95fbe54a2bbc6fe10bc4383fd5be0aad6e0c20
- SHA512
  
  130450f01a27ebcbd8e7700802f15b593fe539dcae18e31be559fb9be523037536f848f19c0397d47f4983f0812a8c7fa2e2c71a792026dc873ccc2ccb89bd77
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan