General

  • Target

    a5059c6e3bbd590aa20810ed73f51c22b0140612e59c57a349c463769a6c9236.exe

  • Size

    571KB

  • Sample

    200708-vk8s3elmtx

  • MD5

    398ddb284685140f8caf840d4c855bd2

  • SHA1

    51dbb676d72f26d9ed94ea0b0ce9df66b14158f0

  • SHA256

    a5059c6e3bbd590aa20810ed73f51c22b0140612e59c57a349c463769a6c9236

  • SHA512

    ae58226a0217f04a8e20f31b743436ff6522bb7cb296f56169b3266f0a7656da198e748ea2196344fa73872c57dac9d085a027aa420b7386af53f55521b4587d

Malware Config

Extracted

Family

lokibot

C2

http://195.69.140.147/.op/cr.php/GupQqEO3wrefD

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and cryptocurrency wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, cookies and autofill data.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v6

Tasks