lokibot | 5a48bdf35ddd09ce6c5be33b5523bfe002f7c4d31b2222af5e0c5303a6bd4afb | Triage

Sharing

Copy URL Twitter E-mail

General

Target

5a48bdf35ddd09ce6c5be33b5523bfe002f7c4d31b2222af5e0c5303a6bd4afb_JC.zip
Size

34KB
Sample

230820-tr8c7age23
MD5

753d415eae16bd5a002aa94c405bdcc8
SHA1

9ecfd909c3480539f799c2406420c25b56817822
SHA256

5a48bdf35ddd09ce6c5be33b5523bfe002f7c4d31b2222af5e0c5303a6bd4afb
SHA512

741e0ed7d7d37e15a1580f40ba82d5617ffd2ba527f4f6dd066a3ca97d44afaf535051222cfdeeb2884189f53f3b76e904ff2166bff0e6fc1e6282d4d2a3a4bc
SSDEEP

768:MzV4ZxxuAVdnojA4j19X9I9AAl9yK+ysV2aiVnbWte/KJmgqm/uBw4c:2Wxno0uIAAl9yK3YyAeAqKh4c

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://79.110.48.215/thirdugo/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  Payment Remittance.exe
- Size
  
  80KB
- MD5
  
  64248f401ff3f2e6b5a6cde26d471825
- SHA1
  
  7dc95f125cb2b853585279f0b172149dc0afbe7f
- SHA256
  
  d1c7799b276b84d13c7eacf2c8811e0e75c514d01a753b9319e3c38a5beb644d
- SHA512
  
  50362bcf5ce6df1c810888c66aa7a12a31ade7fdd2bef8a51fc8b00d3e5ed8ac1bc12c0f79baeb1c5e3865b3369aaf688b40b590197f99f39bbac2f0b68f1969
- SSDEEP
  
  1536:4q85SBFa+cRl2545DT2B3YAUep5kD2q4Ycdq:4q8oB0+cRwffZp5k/5d
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

behavioral2

lokibotspywarestealertrojan