lokibot | 301747d4995adca377535e08bc8509235fd4d17b0fdda6dcd0a80e67a7b3669d | Triage

Sharing

General

Target

301747D4995ADCA377535E08BC8509235FD4D17B0FDDA.exe
Size

148KB
Sample

210926-tglrfafabk
MD5

ca44a3a8334d049e806e9e02f2c764f8
SHA1

4484b6795336e063747d7157cfddd15c7c218ca6
SHA256

301747d4995adca377535e08bc8509235fd4d17b0fdda6dcd0a80e67a7b3669d
SHA512

5404d0f741e65937bdd0c0ec077fda9a3681b7bc6e12a579e8129e1ccc10aa53d0a47bba0f0bd7298cffc10efb19f4f4eec233e3cf2d0750d5545b9ab98cc73a

Score

10^/10

lokibot spyware stealer suricata trojan

Malware Config

Extracted

Family

lokibot

C2

http://103.194.170.48/update/GISVOUH/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  301747D4995ADCA377535E08BC8509235FD4D17B0FDDA.exe
- Size
  
  148KB
- MD5
  
  ca44a3a8334d049e806e9e02f2c764f8
- SHA1
  
  4484b6795336e063747d7157cfddd15c7c218ca6
- SHA256
  
  301747d4995adca377535e08bc8509235fd4d17b0fdda6dcd0a80e67a7b3669d
- SHA512
  
  5404d0f741e65937bdd0c0ec077fda9a3681b7bc6e12a579e8129e1ccc10aa53d0a47bba0f0bd7298cffc10efb19f4f4eec233e3cf2d0750d5545b9ab98cc73a
Score

10^/10

lokibot spyware stealer suricata trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- suricata: ET MALWARE LokiBot Checkin
  suricata: ET MALWARE LokiBot Checkin
  suricata
- suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata: ET MALWARE LokiBot User-Agent (Charon/Inferno)
  suricata
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

lokibotspywarestealersuricatatrojan

behavioral2

lokibotspywarestealersuricatatrojan