Overview

overview

10

Static

static

1

URLScan

urlscan

https://github.com/r...

windows11-21h2-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    https://github.com/rojikofron/boyufronjs/blob/main/README.md

  • Sample

    250130-cldg7avjdj

Score
10/10
lokibotagilenetcollectiondefense_evasiondiscoveryspywarestealertrojan

Malware Config

Extracted

Family

lokibot

C2

http://blesblochem.com/two/gates1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Target

      https://github.com/rojikofron/boyufronjs/blob/main/README.md

    Score
    10/10
    lokibotagilenetcollectiondefense_evasiondiscoveryspywarestealertrojan

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

      trojanspywarestealerlokibot

    • Lokibot family

      lokibot

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Obfuscated with Agile.Net obfuscator

      Detects use of the Agile.Net commercial obfuscator, which is capable of entity renaming and control flow obfuscation.

      agilenet

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Accesses Microsoft Outlook profiles

      collection

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1

MITRE ATT&CK Enterprise v15

Tasks