lokibot | b6c1578da26c1c35f1806ae0c80d2cd81817a2e9de0a69e72f0b9dcd3013cc3f | Triage

Sharing

General

Target

1b436cf860cb4e1beb66ee4534d41b2f.exe
Size

926KB
Sample

200731-qys19jrvcs
MD5

1b436cf860cb4e1beb66ee4534d41b2f
SHA1

656f8f3c4a9e271bf91098947df89d25730aa9ff
SHA256

b6c1578da26c1c35f1806ae0c80d2cd81817a2e9de0a69e72f0b9dcd3013cc3f
SHA512

114797d1f6d89c56f8228f516804cfd7eadee04b5442f32546b3924280dcdcc96cab9d88ed04e474e7ca1471f4444207a9aba1665dbf84c07cdcaefe4de81749

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://104.223.143.234/coconut/Panel/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  1b436cf860cb4e1beb66ee4534d41b2f.exe
- Size
  
  926KB
- MD5
  
  1b436cf860cb4e1beb66ee4534d41b2f
- SHA1
  
  656f8f3c4a9e271bf91098947df89d25730aa9ff
- SHA256
  
  b6c1578da26c1c35f1806ae0c80d2cd81817a2e9de0a69e72f0b9dcd3013cc3f
- SHA512
  
  114797d1f6d89c56f8228f516804cfd7eadee04b5442f32546b3924280dcdcc96cab9d88ed04e474e7ca1471f4444207a9aba1665dbf84c07cdcaefe4de81749
Score

10^/10

spyware trojan stealer lokibot
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware
- Uses the VBS compiler for execution
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scripting

Persistence

Privilege Escalation

Defense Evasion

Scripting

Credential Access

Credentials in Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

spywaretrojanstealerlokibot

behavioral2

trojanspywarestealerlokibot