lokibot

General

Target

da3789c94460dee34c317f7461236f09.exe
Size

1.1MB
Sample

200624-x1m9lzv9ls
MD5

da3789c94460dee34c317f7461236f09
SHA1

3c5d9ea9767cf6e5e128c200cf397bc460891db4
SHA256

d2857b888fbab6dc4e36c403e86f39fedee428ba5ed45b28b8f99e59fb93ff58
SHA512

dd0b76ade86272eac66286f7c8c28c474853644d0560c66f5463161eb67338cfe59b72b0e10852857057fa97c0f0445e4610896fd2264d8bdade2ccc5c54f77c

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://104.223.170.102/typour/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  da3789c94460dee34c317f7461236f09.exe
- Size
  
  1.1MB
- MD5
  
  da3789c94460dee34c317f7461236f09
- SHA1
  
  3c5d9ea9767cf6e5e128c200cf397bc460891db4
- SHA256
  
  d2857b888fbab6dc4e36c403e86f39fedee428ba5ed45b28b8f99e59fb93ff58
- SHA512
  
  dd0b76ade86272eac66286f7c8c28c474853644d0560c66f5463161eb67338cfe59b72b0e10852857057fa97c0f0445e4610896fd2264d8bdade2ccc5c54f77c
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2