General

  • Target

    1e7c6b3a5cbc9bca9af96ac238da074c

  • Size

    260KB

  • Sample

    220131-f5195sgca2

  • MD5

    1e7c6b3a5cbc9bca9af96ac238da074c

  • SHA1

    5bd24027dd1ac9ab9ea786bdf02cc157661dbb76

  • SHA256

    ca2a87b0664849a8f35d69cabebb190ca348c84db69196c9a3da45952bc16905

  • SHA512

    c4901a69bb8d8705e50a6b820bbd8266768e409f7501684dd4377e869d1fb395b290addeac288809cf4c9fb4429c0143f30531a78f078d43130f5ab1c41dcd75

Malware Config

Extracted

Family

lokibot

C2

http://secure01-redirect.net/gc14/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a password and CryptoCoin wallet stealer.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles
