lokibot

General

Target

b48bedacf7e54e532d5d32aefe7e43a1fe597edd91086119765af77b5c065ed3.exe
Size

1.1MB
Sample

210114-wmrbtqkz32
MD5

aedfd31737c70958efe28d1006d50d20
SHA1

0131cd4e5390fb80265b33f5b16acd4b238e92aa
SHA256

b48bedacf7e54e532d5d32aefe7e43a1fe597edd91086119765af77b5c065ed3
SHA512

a2004552de52ceb2729b48d48bdcce2237aac36121b4a1614b2f34e7dd569e63a4d3099a3c0bf4d7dbe9740250655fd18b3635043b1396dc544dad47add6fc7b

Score

10^/10

Malware Config

Extracted

Family

lokibot

C2

http://51.195.53.221/p.php/HsSpKI8PLZu2g

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

- Target
  
  b48bedacf7e54e532d5d32aefe7e43a1fe597edd91086119765af77b5c065ed3.exe
- Size
  
  1.1MB
- MD5
  
  aedfd31737c70958efe28d1006d50d20
- SHA1
  
  0131cd4e5390fb80265b33f5b16acd4b238e92aa
- SHA256
  
  b48bedacf7e54e532d5d32aefe7e43a1fe597edd91086119765af77b5c065ed3
- SHA512
  
  a2004552de52ceb2729b48d48bdcce2237aac36121b4a1614b2f34e7dd569e63a4d3099a3c0bf4d7dbe9740250655fd18b3635043b1396dc544dad47add6fc7b
Score

10^/10

lokibot spyware stealer trojan
- Lokibot
  Lokibot is a Password and CryptoCoin Wallet Stealer.
  trojan spyware stealer lokibot
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1

T1053

Persistence

Scheduled Task

1

T1053

Privilege Escalation

Scheduled Task

1

T1053

Defense Evasion

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Suspicious use of SetThreadContext

MITRE ATT&CK Matrix ATT&CK v6

Tasks

static1

behavioral1

behavioral2