lokibot | 83d4b5018957d051df2b09cb73e26e0faa5110f34b1873a4f062ad3c5811b67b | Triage

Sharing

General

Target

83d4b5018957d051df2b09cb73e26e0faa5110f34b1873a4f062ad3c5811b67b
Size

286KB
Sample

240417-rytr9scc73
MD5

f6015a2175513b3389e727141da102d6
SHA1

7fa2abb0e762bfaef6c934f1e273c49a5c264013
SHA256

83d4b5018957d051df2b09cb73e26e0faa5110f34b1873a4f062ad3c5811b67b
SHA512

a4820920226c8cb42f104a943637d7d96f517a827ded2e7fa346fa95c31ba8f45793bc5040adaa60392f4e451592b8921b3c16f6f0474fc4be7cc069906b4bf1
SSDEEP

6144:915avJQGjiLWUcaJros4cV4CSfqM4B4SqiHr4jGOoAw5Eu9+:9jxWUxros4k4CS/S7YGZN9+

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://roof.spencerstuartllc.top/alpha/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  b96ea81844a66251996075415536c413521d7886d7775df302647f41dc39558b.exe
- Size
  
  328KB
- MD5
  
  1fc7da933276f6269605ed9a727d080e
- SHA1
  
  452f7c160091b0fab9b813f3d60dd11380ab4df2
- SHA256
  
  b96ea81844a66251996075415536c413521d7886d7775df302647f41dc39558b
- SHA512
  
  121dbde33147c80e5eeaaba1a8985555f4b33f068d9359c956ad666336c353de27ee00fb5f2bfb667b0c3cf9dcf93ffeb07545572bcbefd6deddc8dcfce45cc7
- SSDEEP
  
  6144:aYvvJmwfqDKXe53ikFpgla3ivGOJPZVw8Kx3igyR+48JlUjDSGxBt383Kmxp:82Xe5ykFpgui+gh+iG48JSjDSwBtDm
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan