lokibot | 52c7a6d86aa444613de7ea1bde1c2e50d204bb5e8686cb4e33cbb409fa7c5e09 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

4b261a00bf01727cf3fac85187f54a6c.bin
Size

373KB
Sample

230818-brqh9see76
MD5

42d349c3ac222aea8d35b6505e2c101d
SHA1

3d5e97b3139d7af22a638fe474274020513728f6
SHA256

52c7a6d86aa444613de7ea1bde1c2e50d204bb5e8686cb4e33cbb409fa7c5e09
SHA512

927904bf818bf77ec3b669bc4205839aa9d25a1e64f27ceb5854681dde51f06e120224cde0307f1325c1093b7d1ad23e0ee82ad5f4b2aa0b77c5b72d38dd1a84
SSDEEP

6144:/jpopo6K0PWgoJ5ACzkucfCaH7ljv8doHn177yL+ufWFtojMaLpEESrBptLgW6ZF:bp2VK1v1QJb7lj0dGSL+u+FhVztLgB/H

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://194.55.224.10/collins/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Document.exe
- Size
  
  628KB
- MD5
  
  85dd400cf4a587a7f5ebb27035eb4a29
- SHA1
  
  1d39c377c106df23b1240dd272314b1a4f39cb4d
- SHA256
  
  ddd19c40c8ac0970b895e4a7476e9433f7cb774f6b7b550db914b0e40e636441
- SHA512
  
  9ebbe832844faca5913c8f9db6c4c8221a830e548db95473279aad15915234d455dae9457f652dca7c491ec4d42bd58d105c5f757fd0aace49b9699970664d5a
- SSDEEP
  
  6144:ktT+iT+Ayp1I2Rrz5irIMW01DASCNrxuvm2Kyeylyej/3uZGhVjS4Z2/O1t9dz+w:ktBGpNrpwuFxhM/j2QPjSfO1Xde2O
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan