lokibot | 2598d8fe011595cd74778112ae8704ae239444808cd3dd5938f800f16d8ae1b0 | Triage

Sharing

General

Target

2598d8fe011595cd74778112ae8704ae239444808cd3dd5938f800f16d8ae1b0.exe
Size

249KB
Sample

210114-3krxrm7b5a
MD5

bbe29e9d318bce730a758a02133d753d
SHA1

da513bed0c7f0d7d595cbd23b3858e0daea8f2b5
SHA256

2598d8fe011595cd74778112ae8704ae239444808cd3dd5938f800f16d8ae1b0
SHA512

7b4d3ccf858d7744a26aed2f2e0d66f35ff3ae6df7b1d08a215fa501d62c242e4a497d0fb0500fce864689e47ace5d1c089cd4f3e26cc502da4b072629792b94

Score

10^/10

lokibot spyware stealer trojan

Malware Config

Extracted

Family

lokibot

C2

http://208.70.248.230/ty/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  2598d8fe011595cd74778112ae8704ae239444808cd3dd5938f800f16d8ae1b0.exe
- Size
  
  249KB
- MD5
  
  bbe29e9d318bce730a758a02133d753d
- SHA1
  
  da513bed0c7f0d7d595cbd23b3858e0daea8f2b5
- SHA256
  
  2598d8fe011595cd74778112ae8704ae239444808cd3dd5938f800f16d8ae1b0
- SHA512
  
  7b4d3ccf858d7744a26aed2f2e0d66f35ff3ae6df7b1d08a215fa501d62c242e4a497d0fb0500fce864689e47ace5d1c089cd4f3e26cc502da4b072629792b94
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix

Tasks

static1

behavioral1

lokibotspywarestealertrojan

behavioral2

lokibotspywarestealertrojan