General

  • Target

    c8c599f922c090c3e74101e7a8f0926369b2fd63f318ab24767307cf2cb221a6

  • Size

    342KB

  • Sample

    220415-pldjeacad5

  • MD5

    65397eee9af5d1566a75a09799ed17cb

  • SHA1

    20f77c85efd364c1f60607f8380a9798d92c645f

  • SHA256

    c8c599f922c090c3e74101e7a8f0926369b2fd63f318ab24767307cf2cb221a6

  • SHA512

    1e747f71fa51ea7fefb8bb68aad2d450c5f35c5a1948fd933c08477109161503a2263732553510ec36a8494d8e0145742f477829105427869a3ff26f7eb01f77

Malware Config

Extracted

Family

lokibot

C2

http://sieqwarteg.com/kon/kon1/fre.php

http://kbfvzoboss.bid/alien/fre.php

http://alphastand.trade/alien/fre.php

http://alphastand.win/alien/fre.php

http://alphastand.top/alien/fre.php

Targets

    • Lokibot

      Lokibot is a Password and CryptoCoin Wallet Stealer.

    • Meta Stealer

      Meta Stealer, written in C++, steals passwords stored in browsers.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses Microsoft Outlook profiles

    • Suspicious use of SetThreadContext
