General

  • Target

    1864cfb59340419df0dda66c8a9a5912878bef414773e0569d52cde18fdff85c.exe

  • Size

    661KB

  • Sample

    200708-h8etmaz8gx

  • MD5

    096a791524b9ff0ee657822bc7c4636b

  • SHA1

    fa3c732f69b3cd83e35a3edda7109df021b74e91

  • SHA256

    1864cfb59340419df0dda66c8a9a5912878bef414773e0569d52cde18fdff85c

  • SHA512

    950f53cd4210cebeaf7a353a7d4966a5ca25b7f5494548f04aa8287e298753d27250d1b416ad5cda08d68cb60f902d1d4fdd95be7f33fbe9617beeefb7614f03

Malware Config

Extracted

Family

lokibot

C2

http://mygreencity.in/scripts/Panel/five/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and other sensitive information.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks