lokibot | 081d69da915d1ad52d8975f3425640b0166a1f5a6e32bbb8541c6b0b5555be24 | Triage

Sharing

General

Target

081d69da915d1ad52d8975f3425640b0166a1f5a6e32bbb8541c6b0b5555be24.exe
Size

357KB
Sample

200530-j3c2pvke52
MD5

7412c866bb95634ce1091f67be5b70ef
SHA1

bcbb89cc2e901bb45023d3bf6a5ba7b8af829bdf
SHA256

081d69da915d1ad52d8975f3425640b0166a1f5a6e32bbb8541c6b0b5555be24
SHA512

0f88c97a9d167a1d5dd0dab7c6cbcf369d6199e3385e99ba901784480d49e46cd0aff44a5549268bb89ee320ab06ddbf23528f8c1ae3d5afe8eea26852598724

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://adobeaccessfile.cf/Decci3/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  081d69da915d1ad52d8975f3425640b0166a1f5a6e32bbb8541c6b0b5555be24.exe
- Size
  
  357KB
- MD5
  
  7412c866bb95634ce1091f67be5b70ef
- SHA1
  
  bcbb89cc2e901bb45023d3bf6a5ba7b8af829bdf
- SHA256
  
  081d69da915d1ad52d8975f3425640b0166a1f5a6e32bbb8541c6b0b5555be24
- SHA512
  
  0f88c97a9d167a1d5dd0dab7c6cbcf369d6199e3385e99ba901784480d49e46cd0aff44a5549268bb89ee320ab06ddbf23528f8c1ae3d5afe8eea26852598724
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywaretrojanstealerlokibot

behavioral2

spywaretrojanstealerlokibot