lokibot

General

Target

engineserv.exe
Size

589KB
Sample

200630-enf2lx7lp2
MD5

b161e6ed6d212e7a36026eaed1f3d902
SHA1

555a223b93c90cd3f11bf3263abe9a2e16effed1
SHA256

191c7c47fec63f29c5409e19a59ae3545295928a2e0e5f83a64ce64d1e2f0c1d
SHA512

53371672ae08b1defd099e686137067dbe76392ecefccb6c6d6f1f08c62916b00fe9e909517c22ef1590d6face462e45be4b0be9d0b9c28a84b6fa7084e832bc

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://mecharnise.ir/ea3/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  engineserv.exe
- Size
  
  589KB
- MD5
  
  b161e6ed6d212e7a36026eaed1f3d902
- SHA1
  
  555a223b93c90cd3f11bf3263abe9a2e16effed1
- SHA256
  
  191c7c47fec63f29c5409e19a59ae3545295928a2e0e5f83a64ce64d1e2f0c1d
- SHA512
  
  53371672ae08b1defd099e686137067dbe76392ecefccb6c6d6f1f08c62916b00fe9e909517c22ef1590d6face462e45be4b0be9d0b9c28a84b6fa7084e832bc
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

1

T1081

Discovery

Lateral Movement

Collection

Data from Local System

1

T1005

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Reads user/profile data of web browsers

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2